Twilio says that on Thursday, it found that a weekslong attack had tricked multiple employees into providing their login credentials to attackers.
“The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data,” Twilio says. “Once Twilio confirmed the incident, our security team revoked access to the compromised employee accounts to mitigate the attack.”
The company says it has hired a third-party digital forensics firm to investigate the breach and identify affected customers.
Twilio has not yet issued a final count of the number of employees who were tricked or customers who were affected by the breach. “If you are not contacted by Twilio, then it means we have no evidence that your account was impacted by this attack,” it says.
The company has also not yet specified if the breached businesses are located exclusively in the U.S. or if they might also be abroad.
