![]() At least one of the hackers called targeted employees impersonating IT support, noting that the hacker’s accent “appears to be North American.” This may align with this week’s Group-IB investigation, which suggested one of the hackers involved in the campaign may reside in North Carolina.ĭoorDash also confirmed this week that it was compromised by the same hacking group. In its analysis of the phishing campaign, Okta said that Scatter Swine hackers likely harvested mobile phone numbers from data aggregation services that link phone numbers to employees at specific organizations. This marks the second time Okta has reported a security incident this year. Okta said that when the hackers gained access to Twilio’s internal console, they obtained a “small number” of Okta customer phone numbers and SMS messages that contained one-time passwords. The company said in a blog post that the hackers - which it refers to as “Scatter Swine” - spoofed Okta login pages to target organizations that rely on the company’s single sign-on service. Identity giant Okta on Thursday also confirmed it was compromised as a result of the Twilio breach. Twilio also said in the update that the number of compromised Twilio customers has increased from 125 to 163, with hackers accessing data at these organizations for a “limited period of time.” Twilio has not named its impacted customers, but some - like encrypted messaging app Signal - have notified their own users that they were affected by the Twilio breach. While using any two-factor authentication is better than none, hackers are increasingly devising new ways to trick users into handing over app-based codes, which is generally far more difficult to obtain than codes sent by text message. It’s also recommending that users review all devices tied to their Authy accounts and disable “allow Multi-device” in the Authy application to prevent new device additions. The company said it has “since identified and removed unauthorized devices from these Authy accounts” and is advising affected Authy users, which it has contacted, to review linked accounts for suspicious activity. In an update to its incident report on August 24, Twilio said that the hackers gained access to the accounts of 93 individual Authy users and registered additional devices, effectively allowing the attackers to generate login codes for any connected 2FA-enabled account. ![]() Now, Twilio has confirmed that Authy users were also impacted by the breach. Researchers this week linked the attack on Twilio and others to a wider phishing campaign by a hacking group dubbed “0ktapus,” which has stolen close to 10,000 employee credentials from at least 130 organizations since March. Twilio’s breach earlier this month, which saw malicious actors accessing the data of more than 100 Twilio customers after successfully phishing multiple employees, keeps growing in scale. Authy is Twilio’s two-factor authentication (2FA) app it acquired in 2015. messaging giant Twilio has confirmed hackers also compromised the accounts of some Authy users as part of a wider breach of Twilio’s systems. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |