Twilio Security Incident Shows Danger of Misconfigured S3 Buckets

Twilio says attackers accessed its misconfigured cloud storage system and altered a copy of the JavaScript SDK it shares with customers.

Twilio, the cloud communications platform-as-a-service (CPaaS) giant, has confirmed a security incident in which attackers accessed a misconfigured Amazon AWS S3 bucket and modified the TaskRouter JavaScript SDK. The SDK path had been publicly readable and writable since 2015.


More than 5 million developers and 150,000 companies use Twilio, which offers tools to help businesses improve communications over voice, text, and video; its APIs help developers bring voice, video, and text into their applications. Twitter, Spotify, Hulu, Lyft, Yelp, Airbnb, Shopify, Uber, Netflix, and Foursquare are among Twilio's customers.   


On July 19, Twilio was alerted to a change made to the TaskRouter JS SDK, a library it hosts to help customers interact with TaskRouter, which offers a routing engine to send tasks to agents or processes. Twilio replaced the code on its website about an hour after learning of the incident, but the attacker-altered version of the library may have remained available on Twilio's CDN or cached by user browsers for up to 24 hours after that replacement.


Attackers were able to change the library's code due to a misconfiguration in the S3 bucket that hosted the library. They injected code that made the browser load an extra URL that had been linked to Magecart attacks. Twilio doesn't believe this was targeted at the company. Rather, it seems to be an opportunistic attack related to a campaign to exploit open S3 buckets for financial gain.
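
An added example, not taken from Twilio's disclosure or the original article: a static check that flags bucket-policy statements granting write actions to an anonymous principal, the "publicly readable and writable" condition described above. The bucket name and both policies are constructed; conditions, `NotAction` and bucket ACLs are not evaluated.

```python
import json
from fnmatch import fnmatchcase

# S3 actions that let a caller replace content or loosen access (lowercased).
WRITE_ACTIONS = ("s3:putobject", "s3:deleteobject", "s3:putobjectacl",
                 "s3:putbucketacl", "s3:putbucketpolicy")

def _as_list(value):
    # Policy fields may be a single value or a list of values.
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" or {"AWS": "*"} means any caller, signed in or not.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def public_write_statements(policy_json):
    """Return (sid, risky_actions) for each Allow statement open to everyone."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for n, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        # Policy actions may contain wildcards such as "s3:Put*" or "s3:*".
        risky = [a for a in _as_list(stmt.get("Action", []))
                 if any(fnmatchcase(w, a.lower()) for w in WRITE_ACTIONS)]
        if risky:
            findings.append((stmt.get("Sid", f"statement-{n}"), risky))
    return findings

# Constructed policies for a hypothetical bucket serving a public SDK file.
RESOURCE = "arn:aws:s3:::example-sdk-bucket/sdk/*"
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicReadWrite", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": RESOURCE}]})
FIXED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicReadOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": RESOURCE}]})

if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        print(name, public_write_statements(doc))
```
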


"We had not properly configured the access policy for one of our AWS S3 buckets," officials wrote in a disclosure. One of its S3 buckets is used to serve co ..
