Twilio’s SDK Compromised by Attackers – Expert Reaction

Twilio, a cloud communications platform as a service (CPaaS) company, disclosed that attackers compromised its TaskRouter JS SDK after gaining access to one of its misconfigured Amazon AWS S3 buckets. The misconfiguration had left the SDK's path publicly readable and writable since 2015. Twilio's customers include Twitter, Netflix, Uber, Shopify, Morgan Stanley, Airbnb, and others.
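As an added example (not Twilio's code and not part of the original article), the check below flags the kind of world-writable bucket grant described above. It takes ACL and bucket-policy data in the shapes boto3's get_bucket_acl() and get_bucket_policy() return, so it can be fed live data; here the inputs are constructed samples, and the bucket name, owner id and Sid values are placeholders.

```python
import json
from fnmatch import fnmatch

# Grantee URIs for the anonymous and any-authenticated-AWS-account groups.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}  # ACL permissions that allow modification
WRITE_ACTIONS = ("s3:putobject", "s3:putobjectacl", "s3:deleteobject", "s3:putbucketacl")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_is_public(principal):
    # Principal "*" and {"AWS": "*"} both mean anyone, including anonymous callers.
    return principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))

def _writes_allowed(actions):
    # Policy actions may carry wildcards (s3:*, s3:Put*); expand them against known write actions.
    patterns = [a.lower() for a in _as_list(actions)]
    return [w for w in WRITE_ACTIONS if any(fnmatch(w, p) for p in patterns)]

def public_write_findings(acl, policy_json=None):
    """Return findings for ACL grants or policy statements that let the public write.
    `acl` is a get_bucket_acl() dict; `policy_json` is get_bucket_policy()['Policy']."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        group = PUBLIC_GROUPS.get(grantee.get("URI")) if grantee.get("Type") == "Group" else None
        if group and grant.get("Permission") in WRITE_PERMS:
            findings.append(f"ACL grants {grant['Permission']} to {group}")
    statements = _as_list(json.loads(policy_json).get("Statement", [])) if policy_json else []
    for stmt in statements:
        if stmt.get("Effect") == "Allow" and _principal_is_public(stmt.get("Principal")):
            writes = _writes_allowed(stmt.get("Action", []))
            if writes:
                findings.append(f"policy statement {stmt.get('Sid', '?')} allows {writes} to everyone")
    return findings

# Constructed sample: anonymous READ plus WRITE in the ACL, and a read-only public policy.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"},
]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{"Sid": "PublicRead", "Effect": "Allow",
    "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})

if __name__ == "__main__":
    for finding in public_write_findings(SAMPLE_ACL, SAMPLE_POLICY):
        print("FINDING:", finding)
```

Public READ on its own is reported nowhere here because serving a public SDK requires it; the finding that matters is any grant or statement that lets an anonymous caller replace the object.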

Expert Comments

July 23, 2020
Casey Kraus
President of Cloud Security Management Provider
Senserva
Breaches like these are all too common in cloud environments. The complexity around configurations, identity, and access in the cloud is creating many opportunities for these bad actors. Companies need to find help from partners and applications that can identify these possible misconfigurations when they occur to lower their overall risk exposure.
July 23, 2020
Mark Bower
Senior Vice President
comforte AG
Compromise of common cloud security infrastructure is a jewel in the crown for any attacker given the scope of influence over dependent enterprises and broadly deployed mobile applications alike. Storage configuration, SDK and API attacks are increasingly exploited vectors that can lead to misdirection, malware injection, manipulation and theft of data. While malvertising was the initial endgame here, that in itself can lead to compromise of end user platforms and secondary data theft. Given the increasing dependency and complexity of cloud applications and platforms, human error will have increasing impact and data breach ramifications with further adoption, signaling the need for new approaches to secure data at risk from simple, yet easy to make, mistakes on a more robust level.
July 23, 2020
Ameet Naik
Security Evangelist
PerimeterX
Modern web applications make extensive use of third-party scripts and open source libraries, such as the TaskRouter library published by Twilio. Often introduced without proper vetting, this Shadow Code introduces unknown risks into the application and vastly expands the attack surface. Misconfigured S3 buckets remain a common way for hackers to introduce malware into otherwise legitimate scripts. By compromising a single widely used supplier such as Twilio, hackers can gain access to hundreds of websites. Client-side attacks like these can lead to massive data breaches, resulting in compliance penalties running into the millions. For instance, British Airways was fined $240M in 2019 for GDPR violations resulting from a client-side Magecart attack on its online booking application. Businesses need to invest in client-side application security to ensure full visibility and control over client-side scripts and avoid data breaches.