Twilio discloses a data breach. What could be done better to prevent it in the future?

Question

Twilio discloses a data breach. What could be done better to prevent it in the future?

Hi infosec professionals,

Based on this article, a few days ago "Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials".

What could be done better to prevent this from happening in the future? Which tools, techniques and solutions could help to avoid this from happening?

Thoughts?

EB

Evgeny Belenky

Director of Community at PeerSpot (formerly IT Central Station)

1
15

Buyer's Guide

Breach and Attack Simulation (BAS)

June 2025

Get the category report

Helped 859,579 peers since 2012

1 Answer

Last answered Aug 10, 2022

Buyer's Guide

Breach and Attack Simulation (BAS)

June 2025

Download Free Report

Find out what your peers are saying about SailPoint, Microsoft, One Identity and others in Identity Management (IM). Updated: June 2025.

DOWNLOAD NOW

859,579 professionals have used our research since 2012.

Search for a product comparison in Identity Management (IM)

Breach and Attack Simulation (BAS)

Breach and Attack Simulation (BAS) tools are advanced security solutions that help organizations assess their cybersecurity posture by simulating potential attacks and breaches. They provide insights into vulnerabilities and measure the effectiveness of existing security measures. BAS solutions are designed to continuously test an organization's security systems by imitating the actions of attackers. By using real-world attack scenarios, BAS helps identify vulnerabilities in a controlled...

Download Breach and Attack Simulation (BAS) Report Read more

Related categories

Identity Management (IM)

Authorization Software

Security Awareness Training

Access Management

Breach and Attack Simulation (BAS)

Related Q&As

Mar 19, 2024

Why is Identity Management (IM) important for companies?

Feb 6, 2025

How is Zero Trust different from the Least Privileged model?

Ladislav Nyiri IDM Engineer at a tech services company with 51-200 employees · Answer 1 · 2022-08-10T08:34:33Z

In case of sophisticated social engineering attack designed to steal employee credentials there is a need to pay attention regarding education of employee first and if not already in place apply Zero Trust approach by implementing OTP and using it as mandatory for all employees. Any technical solution is not good enough to avoid willing leak of employee credentials by themself.