Twilio suffered a data breach incident after an unauthorized party accessed information related to a limited number of its customer accounts through a sophisticated social engineering attack designed to steal employee credentials.
The attackers got succeeded in fooling some employees into providing their credentials and then used the stolen credentials to gain access to some of its internal systems, where they were able to access certain customer data.
The current and former employees of Twilio also received text messages purporting to be from our IT department that the employee's passwords had expired, or that their schedule had changed, and that they needed to log in to a URL the attacker controls.
Upon discovering the attack, the company immediately worked with U.S. carriers to shut down the actors and worked with the hosting providers serving the malicious URLs to shut those accounts down.
Source: https://www.twilio.com/blog/august-2022-social-engineering-attack
"id": "TWI1693922",
"linkid": "twilio-inc-",
"type": "Breach",
"date": "08/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"