Over 130 companies, including Twilio, DoorDash, and Cloudflare, may have been infiltrated by hackers as part of a months-long phishing effort dubbed “0ktapus” by security experts. According to a study from cybersecurity firm Group-IB, attackers impersonating the popular single sign-on service Okta obtained login data for roughly 10,000 people.
According to Group-IB, the attackers exploited that access to pivot and attack accounts on other services. On August 15th, the encrypted messaging service Signal notified users that the attackers’ Twilio breach revealed as many as 1,900 Signal accounts and verified they were able to register additional devices to the accounts of a handful, allowing the attackers to send and receive messages from that account. Twilio also updated its breach warning this week, indicating that 163 customers’ data had been accessed. It also said that 93 users of Authy, its multifactor authentication cloud service, had their accounts accessed and new devices registered.
