At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just employees but employees’ family members as well.
In the case of Twilio, a San Francisco-based provider of two-factor authentication and communication services, the unknown hackers succeeded in phishing the credentials of an undisclosed number of employees and, from there, gained unauthorized access to the company’s internal systems, the company said. The threat actor then used that access to data in an undisclosed number of customer accounts.
Two days after Twilio’s disclosure,
→ Continue reading at Ars Technica