More than 130 Companies Affected in Twilio Attack

After the phishing attack on Twilio, the user data of 130 companies, allegedly including giants such as Signal, Twitter, and Microsoft, was seized by hackers.

After the recent phishing attack on Twilio, it turned out that the phone numbers of 1,900 Signal users were stolen. A hacker who managed to access Twilio’s customer support line through phishing could access users’ message history, profile information or contact list at will. Twilio stopped the attack in a short time, but according to the information that emerged, it was not only Signal that was affected by this attack.

Twilio, which offers the ability to send audio and video messages to different applications and has gained great popularity, recently faced a phishing attack. According to security firm Group-IB, the hackers’ phishing kit used in this attack hijacked the login credentials of approximately 10,000 users, and more than 130 organizations, most of them US-based, were damaged by this attacker.

Information from giant companies such as Twitter, Microsoft and Coinbase may have been stolen

According to cybersecurity firm Group-IB, the hackers used a phishing kit called “0ktapus” to target more than 130 organizations, most of them US-based. The firm claims that the scale of the attack, which spanned 169 different areas, was very large.

The attacks, which are stated to have started in March 2022 and are thought to have stolen approximately 10,000 login credentials so far, targeted many sectors, from finance to telecom. The companies that Group-IB reported as having been attacked include giants such as Microsoft, Twitter, T-Mobile, Riot Games and Epic Games. However, no company has made a statement on this issue.

How is user login information stolen?

According to the report, three people from Turkey were also affected by this attack. The phishing kit used in it is a software tool: a set of websites designed to deceive unsuspecting users with phishing messages into entering their login information. In this case, 0ktapus hackers send SMS messages to employees in various companies. These messages lead to seemingly legitimate but ultimately fake login pages that can save passwords.

The victim thinks the phishing site is the one he always logs in to and enters all his information. According to Group-IB’s report, victims are asked for usernames and passwords, and then a second page is shown asking for the 2FA (two-factor authentication) code. Users enter the code they receive on this page, and thus the phishing succeeds.

According to the report, at least 9,931 user credentials, including 5,441 multi-factor authentication codes, have been stolen by 0ktapus since March. According to Group-IB, these latest attacks were the largest of this scale to date. It is thought that some of the companies are involved in such events.

Source: https://www.theverge.com/2022/8/26/23323036/phishing-scam-campaign-twilio-hack-companies

