Mon Sep 23 22:55:01 UTC 2024: ## Twilio Customer Data Leaked in Third-Party Tool Vulnerability, Not a Direct Breach

**San Francisco, CA -** A hacker known as ‘grep’ has leaked over 12,000 call records, including audio recordings, allegedly belonging to Twilio customers. The leak, spanning from 2019 to 2024, has raised concerns about the privacy of both businesses and individuals using the cloud communication platform.

While the leak initially suggested a direct breach of Twilio’s systems, the company has since clarified that this was not the case. **Twilio confirmed that a customer’s data was exposed due to a vulnerability in a third-party software tool used by the customer’s developers.** This vulnerability allowed the hacker to access the call records, including phone numbers and audio recordings.

The leaked data, which includes details like call type, direction, and interpretation session IDs, poses significant privacy risks. The presence of audio recordings is particularly concerning, as it could potentially be used for blackmail, fraud, or impersonation.

**Twilio has informed the affected customer, who has already taken steps to secure their account.** The company emphasizes that there is no evidence of a breach of its own systems.

This incident serves as a reminder of the importance of cybersecurity measures, particularly when using third-party tools. Businesses need to carefully vet and monitor these tools to mitigate potential vulnerabilities.

**Following the leak, experts recommend that organizations take steps to mitigate risks, including:**

* Notifying affected parties
* Securing leaked recordings
* Consulting legal experts
* Reviewing access controls
* Implementing encryption
* Involving an incident response team

The leaked phone numbers are also vulnerable to smishing and vishing scams. Businesses and individuals should be vigilant and report any suspicious calls or messages.

Read More