Understanding the Twilio data breach


News of the recent Twilio data breach has been making the rounds. Honestly, when I saw it I didn’t fully understand the details, so I figured there’s a chance that others were in the same boat. Here’s a quick summary of the important takeaways on the matter.

What is Twilio?

Twilio is a communication API that developers use to add communications to their applications. Using their API makes it easy to give your application features like SMS, voice, video, WhatsApp accessibility, and even email capability. One of the popular apps that uses Twilio is the secure messaging app Signal.

Twilio (the company) acquired Authy in 2015. Authy is a widely used authentication app.

How did the breach happen?

The specifics of the attack were summed up well by Twilio themselves:

“On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. This broad based attack against our employee base succeeded in fooling some employees into providing their credentials. The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data.”

How wide was the attack?

As of August 24th, Twilio believes that the attackers accessed 163 Twilio customers (from a total of 270,000), gained access to 93 Authy user accounts (out of 75 million), and registered additional devices to those accounts.

Why is it important?

This is a big deal because so many apps use Twilio. Here’s a short list of some of the apps that use Twilio:

  • WhatsApp
  • WeChat
  • Telegram
  • Viber
  • Facebook Messenger
  • Kik
  • Instagram

Chances are that you are using at least one of these apps, which means that there is a possibility that unknown hackers could have accessed your data. That includes backlogs of all messaging history, for example. Twilio has stated that they have reached out to anyone who they believe has been affected by this, for all that is worth. Still, it is pretty worrying to know that something like this can happen.

Sources: Engadget, Twilio, Tekkiwebsolutions
