Twilio: Someone waltzed into our unsecured AWS S3 silo, added dodgy code to our JavaScript SDK

Discussion in 'other security issues & news' started by mood, Jul 21, 2020.

  1. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,411
    Twilio: Someone broke into our unsecured AWS S3 silo, added 'non-malicious' code to our JavaScript SDK
    API dev kit remained modified for hours, says source
    July 21, 2020

    https://www.theregister.com/2020/07/21/twilio_sdk_code_injection/
     
  2. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,411
    Updated (July 22, 2020):
     
  3. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,411
    Misconfigured S3 exposes Twilio users to Magecart attack
    July 23, 2020
    https://www.scmagazine.com/home/sec...d-s3-exposes-twilio-users-to-magecart-attack/
     
  4. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    36,411
    Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands
    July 24, 2020
    https://www.cyberscoop.com/twilio-hack-breach-s3-buckets-magecart/
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.