Okta says some customers’ authentication data was exposed by the attack on customer engagement platform Twilio, which that firm first disclosed publicly on Aug. 7.
In its breach report, Twilio said attackers tricked multiple employees into providing their access credentials, which the attackers used “to gain access to some of our internal systems, where they were able to access certain customer data” via a Twilio console.
So far, Okta and messaging platform Signal have disclosed they fell victim to this supply chain attack.
In its breach notification, Okta says that as a result of that access to Twilio’s systems, for some of its customers, “a small number of 1) mobile phone numbers and 2) associated SMS messages containing one-time passwords (‘OTPs’) were accessible to the threat actor via the Twilio console.”
Twilio informed Okta of the data exposure on Aug. 8 and shared internal logs to help its security team investigate. “Okta prioritized routing of SMS-based communications to an alternative provider while we worked with Twilio’s security team to understand the scope and impact of the incident,” it says, adding that it was able to use the logs to identify exactly what was exposed.
