Updated on 2022-10-29: Twilio breach
Twilio said it concluded its investigation into its July security breach and has posted a final version of its IR report on its blog. Conclusions below:
- The last observed unauthorized activity in our environment was on August 9, 2022;
- 209 customers – out of a total customer base of over 270,000 – and 93 Authy end users – out of approximately 75 million total users – had accounts that were impacted by the incident; and
- There is no evidence that the malicious actors accessed Twilio customers’ console account credentials, authentication tokens, or API keys.
Twilio disclosed another breach from June where the same attackers from August gained access to the information of 209 customers and 93 Authy end users. Read more: Twilio discloses another hack from June, blames voice phishing