Cloudflare employees also hit by hackers behind Twilio breach
Cloudflare says some of its employees' credentials were also stolen in an SMS phishing attack very similar to the one that led to Twilio's network being breached last week. [...]
SMS is used for login codes and alerts, but text messages can be intercepted, spoofed, or redirected through phone-account attacks.
Search across headline titles and summaries.
Background for this topic.
SMS (Short Message Service) is a standardized mobile-network service for sending short text messages between phone numbers. It is widely used for person-to-person communication, service notifications, and one-time authentication codes, but messages are generally not end-to-end encrypted and may be visible to mobile operators or infrastructure handling delivery.
Security concerns include smishing—phishing delivered by text—along with sender-ID spoofing, malicious links, and social engineering. Account recovery and SMS-based multi-factor authentication can also be undermined when an attacker takes control of a phone number through SIM swapping, abuses carrier processes, or exploits signaling-system weaknesses. Organizations should avoid treating SMS as a high-assurance authentication factor where stronger options are practical, restrict sensitive content in texts, monitor number-change and authentication events, and train users to verify unexpected messages through a trusted channel.
Cloudflare says some of its employees' credentials were also stolen in an SMS phishing attack very similar to the one that led to Twilio's network being breached last week. [...]
Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts
Cloud communications company Twilio says some of its customers' data was accessed by attackers who breached internal systems after stealing employee credentials in an SMS phishing attack. [...]