Information firm Twilio suffered a hack last week, the firm reported on Monday.
The company became aware of unauthorized access to information on a “limited number” of customer accounts last Thursday, August 4, Twilio says in a blog post.
Current and former employees received text messages purporting to be from the firm’s IT department.
“Typical text bodies suggested that the employee's passwords had expired, or that their schedule had changed, and that they needed to log in to a URL the attacker controls,” the company states.
It adds: “The URLs used words including "Twilio," "Okta," and "SSO" to try and trick users to click on a link taking them to a landing page that impersonated Twilio’s sign-in page.”
The company worked with U.S. carrier networks and hosting providers to shut down these actors.
One message said “Notice!......login has expired. Please tape (link saying twilio-sso.com) to update your password.”
Another said, “ALERT!! Your Twilio Schedule has changed. Tap twilio-okta.com to see changes!”
As soon as it confirmed the episode, Twilio’s security team revoked the compromised employee accounts.
It adds: “We have reemphasized our security training to ensure employees are on high alert for social engineering attacks, and have issued security advisories on the specific tactics being
utilized by malicious actors since they first started to appear several weeks ago."
In addition, the firm has notified customers who were affected.
The firm says it seeks to communicate such incidents in a transparent manner.