Twilio suffers data breach

Twilio, the company which owns the popular 2-factor authentication service Authy, has revealed that it has suffered a data breach and announced that some of its employees fell victim to a phishing attack.

Hackers sent some text messages to current and former employees of the company, spoofed as being sent from Twilio’s IT department, and asked the users to update their passwords. A link directed the users to URLs controlled by hackers, who then stole the credentials to gain access to some of the company’s internal systems.

Twilio is investigating the attack, and will notify customers who were affected by the data breach. The company has already revoked access to the compromised accounts. It worked with US carriers to shut down the threats, and has taken down the accounts belonging to the attackers on hosting providers that were used for the breach.

Twilio owns several products and services, Authy is just one of those, and is probably the most popular one of the lot. The transparency related to the data breach might be appreciated by users, but the company has not clarified what customer data was accessed. The attack is likely to raise concerns over the safety of Authy.