[BreachExchange] Hackers Breached into Twilio's AWS; Company Confirms the Attack

Destry Winant destry at riskbasedsecurity.com
Mon Jul 27 10:09:14 EDT 2020


https://www.ehackingnews.com/2020/07/hackers-breached-into-twilios-aws.html

In a recent cybersecurity incident, Twilio has acknowledged that
hackers breached the company's unsecured cloud services and
compromised its JavaScript SDK. The hackers modified the JavaScript
that the company shares with its clients. Twilio, a well-known cloud
communications company, told a news agency about the incident after
an anonymous whistleblower had reported the issue to the agency. In
short, a cybercriminal breached Twilio's AWS (Amazon Web Services) S3
systems. It should be noted that the networks were unsecured and
world-writable. The hacker modified the TaskRouter v1.20 SDK and
attached some malicious code designed to tell whether the changes
worked or not.

In response to the incident, Twilio says that the privacy and safety
of its customers are the company's first and foremost concern. Twilio
confirms the malware in the TaskRouter v1.20 SDK, and that it was the
work of a third party. The modification of the S3 bucket made the
attack possible. According to Twilio, it closed the S3 bucket
immediately after learning of the issue and has opened an inquiry
into the incident. The company took around 12 hours to deal with the
issue. Currently, it has no proof of whether any customer accounts
were stolen. However, it confirms that the hacker didn't break into
the company's internal systems to modify code or data.

Twilio uses the JavaScript SDK as a method to connect your business
operations to its task router platforms. The company plans to publish
a detailed report about the incident in a few days. In the meantime,
a friendly suggestion to users: if you have downloaded or installed
a copy of the SDK, make sure that you have a legitimate copy.

"Our investigation of the JavaScript that was added by the attacker
leads us to believe that this attack was opportunistic because of the
S3 bucket's misconfiguration. We believe that the attack was designed
to serve malicious advertising to users on mobile devices," Twilio
told The Register in response to the incident. It also says,
"If you downloaded a copy of v1.20 of the TaskRouter JS SDK between
July 19th, 2020 1:12 PM and July 20th, 10:30 PM PDT (UTC-07:00), you
should re-download the SDK immediately and replace the old version
with the one we currently serve."
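
The root cause reported above is a world-writable S3 bucket. The following is an added example, not part of the original post and not Twilio's or AWS's code: a small audit that flags anonymous write access in a bucket policy document and in a list of ACL grants, in the shapes the S3 get-bucket-policy and get-bucket-acl APIs return. The sample policy, ACL and bucket name are constructed; the check ignores Deny statements, NotAction/NotPrincipal and Block Public Access settings.

```python
import fnmatch
import json

# S3 actions that let a caller change bucket contents or permissions.
WRITE_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl",
                 "s3:PutBucketAcl", "s3:PutBucketPolicy")
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
ACL_WRITE = ("WRITE", "WRITE_ACP", "FULL_CONTROL")

# Constructed sample (hypothetical bucket name), not Twilio's configuration.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-sdk-bucket/*"},
  {"Sid": "PublicWrite", "Effect": "Allow", "Principal": {"AWS": "*"},
   "Action": ["s3:Put*"], "Resource": "arn:aws:s3:::example-sdk-bucket/*"}
]}""")
SAMPLE_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
               "Permission": "WRITE"}]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} (single value or list)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def world_writable_findings(policy, acl_grants):
    """Return one finding per policy statement or ACL grant allowing anonymous writes."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        # IAM action names are case-insensitive and may contain * or ? wildcards.
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        hits = sorted(a for a in WRITE_ACTIONS
                      if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns))
        if hits:
            note = " (has Condition, review manually)" if stmt.get("Condition") else ""
            findings.append(f"policy {stmt.get('Sid', '<no Sid>')}: anonymous "
                            f"{', '.join(hits)}{note}")
    for grant in acl_grants:
        if (grant.get("Grantee", {}).get("URI") == ALL_USERS
                and grant.get("Permission") in ACL_WRITE):
            findings.append(f"acl: AllUsers has {grant['Permission']}")
    return findings

if __name__ == "__main__":
    print("\n".join(world_writable_findings(SAMPLE_POLICY, SAMPLE_ACL)))
```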

