Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply Chain Attack


Around 10,000 sets of Okta and two-factor authentication (2FA) credentials were stolen by the same hackers who earlier in August socially engineered Twilio and Cloudflare employees into giving up their passwords.

From there, they started supply-chain attacks on downstream clients, which led to companies like Digital Ocean and DoorDash receiving unintended collateral damage. Several well-known firms were among those targeted in a huge phishing effort it refers to as 0ktapus, according to an analysis by Group-IB. Read More…