Twilio published an incident report on August 4, 2022 about an attack that led to employee and customer account compromise. A social engineering attack was carried out against Twilio employees to steal credentials. The credentials were then used to access customer data. The known affected customers have been notified, and as of August 4, Twilio has indicated that further investigation is ongoing.
SaaS breaches are common nowadays, and the bad actors are targeting the SaaS providers to gain access to internal systems. This provides them access to the entire customer base rather than individual company accounts. In most cases, the criminals are stealing usernames and passwords to access customer accounts or take control of the accounts and use them for nefarious purposes.
To protect against potential attacks from stolen credentials, companies should take these three steps.
1. Discover all Twilio app users
The discovery should include all current employees, but unless access is managed through a single sign-on (SSO) application or an identity provider (IdP), former employees may still hold accounts that were never closed. Discovery is a foundational element of SaaS security, but it is not always easy.
2. Reset Twilio passwords for every user
Stolen credentials can be used to take control of accounts and access sensitive data. The best defense against credential theft is to reset the password. Though simple in concept, this usually relies on individual users to take this action, and one hundred percent compliance is not always a given.
3. Evaluate adding Twilio to SSO
SSO enables users to securely authenticate with multiple applications and allows IT admins to centrally control access to SaaS applications. It also eliminates the risk of credential theft for a single application, since users do not know their login and password for an SSO-governed application. However, SSO usually requires increased license costs, and it requires some work by IT for integration. Depending on the number of Twilio users a company has, the increased cost and work to add Twilio to SSO may not be justified.
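The three steps above come down to reconciling the application's user list against the current-employee roster, then deciding per account whether it is disabled, reset, or already governed by SSO. The script below is an added example, not Twilio's or Grip's code; the user export format, the `auth_method` field and all e-mail addresses are constructed for illustration.

```python
"""Post-breach SaaS account hygiene check (added example, not vendor code).

Reconciles a constructed Twilio user export against an HR/IdP roster to find:
  - orphaned accounts (former employees still holding access),   -> step 1
  - accounts to reset or disable,                                 -> step 2
  - accounts still using a local password rather than SSO.       -> step 3
All data below is constructed; the export fields are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AppUser:
    email: str
    auth_method: str  # "password" or "sso" (assumed field values)


# Constructed Twilio user export (hypothetical format).
TWILIO_USERS = [
    AppUser("alice@example.com", "sso"),
    AppUser("bob@example.com", "password"),
    AppUser("carol@example.com", "password"),  # left the company, account never closed
    AppUser("dave@example.com", "password"),
]

# Constructed current-employee roster from HR / the IdP (note the mixed case).
ACTIVE_EMPLOYEES = {"alice@example.com", "bob@example.com", "Dave@Example.com"}


def normalize(email: str) -> str:
    """E-mail addresses are case-insensitive in practice; compare them that way."""
    return email.strip().lower()


def orphaned_accounts(users, roster):
    """Step 1: accounts whose owner is not a current employee."""
    active = {normalize(e) for e in roster}
    return sorted(u.email for u in users if normalize(u.email) not in active)


def password_accounts(users):
    """Step 3: accounts not governed by SSO, i.e. ones that hold a stealable password."""
    return sorted(u.email for u in users if u.auth_method == "password")


def remediation_plan(users, roster):
    """Step 2: orphans are disabled outright; every remaining account gets a reset."""
    orphans = set(orphaned_accounts(users, roster))
    return {
        "disable": sorted(orphans),
        "reset": sorted(u.email for u in users if u.email not in orphans),
    }


if __name__ == "__main__":
    print("orphaned:", orphaned_accounts(TWILIO_USERS, ACTIVE_EMPLOYEES))
    print("password-only:", password_accounts(TWILIO_USERS))
    print("plan:", remediation_plan(TWILIO_USERS, ACTIVE_EMPLOYEES))
```

The orphan list is the input to step 1, the plan drives step 2, and the size of the password-only list is the number that decides whether the SSO integration in step 3 is worth its cost.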
How Grip Can Help Protect Against Twilio Credential Theft
The Grip SaaS Security Control Plane can help customers accomplish these three critical steps in minutes. Our discovery method is the most complete in the industry, and it can go back historically and find former employees that have open Twilio accounts. The solution has built-in automation that enables IT or security to centrally reset every user's password, ensuring that the stolen credentials are no longer a threat. Customers using our Grip Access product can also require users to rotate their passwords on an ongoing basis.
The Grip solution does not require an endpoint client or require proxy or CASB integration. Installation is simple and only takes ten minutes to complete. Contact us for a free SaaS security assessment or you can learn more by reading our datasheet.