BlogNewsResourcesWebinarsGlossary

Twilio Breach: Three Steps to Protect Your Company

Aug 10, 2022

Aug 10, 2022

blue polygon icon

3 min

Twilio published an incident report on August 4, 2022 about an attack that led to employee and customer account compromise. The Grip SaaS Security Control Plane can help customers protect against potential attacks resulting from this breach.

Link to Linkedin
Link to Linkedin
Link to Linkedin
Young-Sae Song
CMO
Twilio Breach: Three Steps to Protect Your Company
This webinar will cover:

Twilio published an incident report on August 4, 2022 about an attack that led to employee and customer account compromise.  A social engineering attack was carried out against Twilio employees to steal credentials.  The credentials were then used to access customer data.  The known affected customers have been notified, and as of August 4, Twilio has indicated that further investigation is ongoing.

SaaS breaches are common nowadays, and the bad actors are targeting the SaaS providers to gain access to internal systems.  This provides them access to the entire customer base rather than individual company accounts.  In most cases, the criminals are stealing usernames and passwords to access customer accounts or take control of the accounts and use them for nefarious purposes.  

To protect against potential attacks from stolen credentials, companies should take these three steps.

1.    Discover all Twilio app users  

The discovery should include all current employees, but unless access is managed through a single sign on (SSO) application or an identity provider (IdP) was used, there is the possibility that former employees may still have accounts that are still open. Discovery is a foundational element of SaaS security, but it is not always easy.  

2.    Reset Twilio passwords for every user  

Stolen credentials can be used to take control of accounts and access sensitive data. The best defense against credential theft is to reset the password.  Though simple in concept, this usually relies on individual users to take this action, and one hundred percent compliance is not always a given.  

3.    Evaluate adding Twilio to SSO  

SSO enables users to securely authenticate with multiple applications and allows IT admins centrally control access to SaaS applications.  It also eliminates the risk of credential theft for a single application since users do not know their login and password for an SSO-governed application.  However, SSO usually requires increased license costs, and it requires some work by IT for integration.  Depending on the number of Twilio users a company has, the increased cost and work  to add Twilio to SSO may not be justified.

How Grip Can Help Protect Against Twilio Credential Theft

The Grip SaaS Security Control Plane can help customers accomplish these three critical steps in minutes.  Our discovery method is the most complete in the industry, and it can go back historically and find former employees that have open Twilio accounts.  The solution has built-in automation that enables IT or security to centrally reset every user’s password, ensuring that the stolen credentials are no longer a threat.Customers using our Grip Access product can also require users to rotate their passwords on an ongoing basis.  

 

The Grip solution does not require an endpoint client or require proxy or CASB integration. Installation is simple and only takes ten minutes to complete.  Contact us for a free SaaS security assessment or you can learn more by reading our datasheet.

In this webinar:
See More
See more
Fill out the form and watch webinar
Oops! Something went wrong while submitting the form.
Register now and save your seat!
Registration successful!
Webinar link will be sent to your email soon
Oops! Something went wrong while submitting the form.
In this webinar:
See More
See more

Talk to an Expert

Request a consultation and receive more information about how you can gain visibility to shadow IT and control access to these apps.

Your request has been sent
Oops! Something went wrong while submitting the form.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.