to Twilio after the recent phishing attack 1,900 Signal Users It turned out that the phone numbers had been stolen. A hacker who managed to gain access to Twilio’s customer support line through phishing could view users’ message history, profile information, or contact list at will. The attack was stopped by Twilio in a short time, but according to the information that came out, only Signal was unaffected by this attack.

Twilio, which offers the ability to send audio and video messages to various applications, has become very popular lately. with a phishing attack had faced. According to security company Group-IB, after this attack, the hackers’ phishing kit is approx. 10,000 users hijacked credentials and most are located in the US more than 130 organizations damaged by this attacker.

Information from giant companies like Twitter, Microsoft and Coinbase may have been stolen

cybersecurity company to Group IB according to the hackers, to target more than 130 organizations, most of which are based in the US”0ctapusused a phishing kit called “. in 169 different areas He claims the scale of the attack was too great.

As a result of the attacks, which reportedly started in March 2022 and are believed to have stolen about 10,000 credentials so far. from finance to telecom Many areas were targeted. Among the companies allegedly attacked by Group-IB Microsoft, twitterT-Mobile, Riot Games and epic games giant companies like No company has made a statement about this, however.

How are user credentials stolen?

According to the report three people from Turkey The phishing kit used in and affected by this attack was used to trick users with unsuspecting phishing messages. Login Information A series of websites designed for users to enter is a software tool. In this case, 0ktapus hackers send text messages to employees in various companies. These messages lead to seemingly legitimate but ultimately fake login pages that can store passwords.

The victim always thinks that the phishing site is the one he entered and enters all his information. According to Group-IB’s report, victims are asked for usernames and passwords, and then 2FA A second page will be displayed asking for the (two-factor authentication) code. Users enter the incoming password here, and this is how phishing takes place.

According to the report, 0ktapus has been around since March. 5,441 multi-factor authentication codes including minimum 9,931 user credentials it was stolen. According to Group-IB, these latest attacks were the largest of this magnitude to date. It is believed that some of the companies are involved in such events.