Twilio, the communications solution provider serving more than 15,000 customers including Facebook and Uber, has confirmed that hackers accessed customer data after successfully tricking employees into handing over their corporate login credentials. Twilio said that it became aware late last week that someone had gained “unauthorized access” to information related to some Twilio customer accounts.
Erfan Shadabi, cybersecurity expert with data security specialists comforte AG, commented:
“Many of the data breaches we have seen in the past few months have human error lurking within their backstories. Phishing is a type of cybercrime in which victims are contacted by an attacker posing as a trustworthy entity in order to obtain sensitive information or data, such as login credentials, credit card details, or other personally identifiable information.
One of the best approaches to mitigate such attacks is to adopt the Zero Trust framework. Zero Trust means you assume you’ve already been breached, provide no implicit trust, verify again and again, and only provide minimal privileges upon successful authentication. Protection methods such as tokenization can complement this framework because by tokenizing sensitive data immediately upon entering the corporate data ecosystem—and then not de-protecting it—people can have minimal or no access to the truly sensitive information while still being able to accomplish tasks (like data analytics). Positive trends such as Zero Trust architectures, supported by more data-centric protection methods (protecting the data itself rather than the borders around it), can really help in the long run.”