Twilio hackers breached over 130 organizations during months-long hacking spree

From techcrunch.com

Phishing target

The hackers that breached Twilio earlier this month also compromised over 130 organizations during their hacking spree that netted the credentials of close to 10,000 employees.

Twilio’s recent network intrusion allowed the hackers access the data of 125 Twilio customers and companies — including end-to-end encrypted messaging app Signal — after tricking employees into handing over their corporate login credentials and two-factor codes from SMS phishing messages that purported to come from Twilio’s IT department. At the time, TechCrunch learned of phishing pages impersonating other companies, including a U.S. internet company, an IT outsourcing company and a customer service provider, but the scale of the campaign remained unclear.

Read more…