Twilio confirms data breach exposing over 11k calls
Take action: Sometimes a third party breach will happen at a customer - it's still a third party that needs to have good security posture. But it's impossible to check your customers for security issues.
Learn More
U.S. communications firm Twilio has admitted that 11,802 call records, including audio recordings, were exposed following a cyberattack carried out by the threat actor "grep."
The compromised data, which became publicly available in early September 2024, was divided into two call-tracking text files. The first file contained details such as:
- Start and end times of phone calls
- Callers' and recipients' phone numbers
- Call status
- Call duration
- Notes
- Interpreters' IDs
The second file included more sensitive data, such as:
- Call language
- Incoming call identifiers
- Cost rates
- Interpretation start times
- Recording URLs
- Video call indicators
Security researchers at Hackread warned that the exposed data could be exploited for voice phishing (vishing) and SMS phishing (smishing) attacks. This concern is heightened by a phishing campaign from the previous month, in which threat actors used phone calls to obtain corporate VPN credentials.
Twilio denied that their systems were breached, clarifying that the leak stemmed from one of their customers inadvertently exposing data. Twilio stated that the customer’s developers used a third-party software tool that had a vulnerability, which led to the data exposure. The customer has since been informed and has taken steps to secure their account.
