The communications giant Twilio confirmed that hackers they managed to gain access on customer data after defrauding employees with phishing attacks.
The San Francisco-based company, which allows users to integrate voice and SMS capabilities — such as two-factor authentication (2FA) — into apps, said in a blog post Monday that someone with "unauthorized access" , accessed information related to certain Twilio customer accounts on August 4.
Twilio has more than 150.000 large customers, including Facebook and Uber.
According to the company, the unknown hacker convinced several Twilio employees to provide their credentials, which allowed him to gain access to the company's internal systems.
The attack used phishing SMSs purporting to come from Twilio's IT department. The messages stated that the employee's password had expired and advised the target to log in using a fake web address that the attacker controlled.
