Data leakage in Twilio, Slack and Cloudflare by smishing their workers

These three companies have been victims of a smishing cyberattack by sending SMS to their workers, where they were asked to update their passwords through the link that appeared in the text message.

Twilio has confirmed the cybercriminals' access to its employees' login credentials. On the Slack side, they have reported the reset of approximately 0.5% of their users' passwords after fixing the bug that exposed their password hashes. And finally, CloudFlare has stated that some of its employees' credentials were also stolen by smishing in the same way as the attack that Twilio has received, however, they defend that although the cybercriminals tried to access the users' accounts they did not manage to break into their systems.