Exposed Twilio SDK Abused for Malvertising Attack

Cloud communications platform as a service (CPaaS) company Twilio this week disclosed a security incident that resulted in hackers uploading a modified version of the TaskRouter JS SDK to its site.


The incident happened on July 19 and was discovered several hours later, with the modified file being replaced within an hour.


Designed to provide easy interaction with the Twilio TaskRouter, the SDK was hosted in an Amazon Web Services S3 bucket that was improperly secured, thus becoming accessible to the attackers.


The hackers were able to inject code “that made the user’s browser load an extraneous URL that has been associated with the Magecart group of attacks,” the company says.


Only version 1.20 of the TaskRouter JS SDK was affected, and the incident was remediated quickly. Twilio does not believe this was a targeted attack, but rather one that was opportunistic in nature.


“We have no evidence at this time that any customer data was accessed by a bad actor. Furthermore, at no time did a malicious party have access to Twilio’s internal systems, code, or data,” Twilio says.


The incident, the company explains, was the result of a misconfiguration introduced roughly five years ago, which left the path storing the TaskRouter SDK improperly secured, allowing anyone to read and write to it.
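A defender can audit for this class of misconfiguration by scanning bucket policies for anonymous write grants. The following is an added example, not code from Twilio or the article. It assumes access is controlled by a bucket policy (the article does not say which mechanism was misconfigured), and the bucket name, path and `Sid` are constructed placeholders.

```python
import fnmatch
import json

# Actions that let a caller replace or delete objects, or rewrite the policy itself.
WRITE_ACTIONS = ("s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject", "s3:PutBucketPolicy")

# Constructed sample policies; bucket name and path are placeholders, not Twilio's.
WEAK_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "PublicSdkPath", "Effect": "Allow", "Principal": "*",
  "Action": ["s3:GetObject", "s3:PutObject"],
  "Resource": "arn:aws:s3:::example-cdn-bucket/sdk/*"}]}"""
FIXED_POLICY = """{"Version": "2012-10-17", "Statement": [{
  "Sid": "PublicSdkPath", "Effect": "Allow", "Principal": "*",
  "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::example-cdn-bucket/sdk/*"}]}"""

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" and {"AWS": "*"} both mean anyone, including unauthenticated callers.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def public_write_findings(policy_json):
    """Return (sid, action, resource) for each unconditional anonymous write grant."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue  # conditional grants need manual review and are not flagged here
        if not _is_anonymous(stmt.get("Principal")):
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            # Action names are case-insensitive and may contain * and ? wildcards.
            for action in WRITE_ACTIONS:
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    for resource in _as_list(stmt.get("Resource", [])):
                        findings.append((stmt.get("Sid", "<no Sid>"), action, resource))
    return findings

if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        print(label, public_write_findings(policy))
```

Object and bucket ACLs can also grant public write access and are not covered by this policy check.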


“One of Twilio’s S3 buckets is used to serve public content from the domain twiliocdn.com. We host copies of our client-side JavaScript SDKs for Programmable Chat, Programmable Video, Twilio Client, and Twilio TaskRoute ..
