Hackread reports that U.S. cloud communications firm Twilio had 11,802 call records with audio recordings admitted to be compromised by the threat actor "grep" following a cyberattack this month.
Records exposed by grep were divided into a pair of call-tracking TXT files, the first of which detailed phone calls' start and end times, callers' and recipients' phone numbers, and call status, duration, and notes, as well as call interpreters' IDs. On the other hand, more detailed information, such as call language, incoming call identifiers, cost rates, interpretation start times, recording URLs, and video call indicators, were included in the second file. Such a data leak was noted by Hackread researchers to potentially be exploited in voice phishing and SMS phishing attacks, as evidenced by a phishing campaign last month that involved phone calls to facilitate the compromise of corporate VPN credentials. Significant legal action could also stem from the data compromise, researchers added.