Twilio phishing attack fallout spreads to Signal
Dive Brief:
- Signal, widely considered one of the most secure messaging platforms globally, was among the companies directly impacted by a phishing attack against Twilio earlier this month.
- Once attackers gained access to Twilio’s customer support console, the phone numbers or verification codes used by about 1,900 users to verify Signal accounts via Twilio were revealed, according to an update published by Signal. The encrypted messaging platform said the attackers explicitly searched for three numbers and successfully re-registered one account.
- Signal said the majority of its users were not affected and maintains the attackers did not access message history, profile information or contact lists.
Dive Insight:
The downstream impact of the phishing attack on Twilio, which compromised the platform’s widely used two-factor authentication service, exemplifies the potentially serious repercussions of a cyberattack on a third-party vendor.
Twilio, in a Wednesday update about the attack, said it identified and notified about 125 customers whose data was accessed by malicious actors. The company said there is no indication customer passwords, authentication tokens and application protocol interface keys were accessed without authorization during the attack.
Signal said it conducted an investigation into potential compromise after it was notified by Twilio about the phishing attack. The messaging platform provider said it plans to notify all 1,900 potentially affected users by Tuesday.
The Signal app, which is run by a nonprofit focused on open-source privacy technology, surged in popularity during the last 18 months, surpassing an estimated 40 million monthly active users by late 2021.
Gloss