DoorDash discloses new data breach tied to Twilio


Food delivery firm DoorDash has disclosed a data breach exposing customer and employee data that is linked to the recent cyberattack on Twilio.

In a security advisory released Thursday afternoon, DoorDash says that a threat actor gained access to the company's internal tools using stolen credentials from a third-party vendor that had access to their

"DoorDash recently detected unusual and suspicious activity from a third-party vendor's computer network. In response, we swiftly disabled the vendor's access to our system and contained the incident," explains the DoorDash security notice.

The hacker used this access to DoorDash's internal tools to access data for both consumers and


The exposed information includes the names, email addresses, delivery addresses, and phone numbers of consumers. In addition, for a small subset of customers, the hackers accessed basic order information and partial credit card information, including the card type and the last four digits of the card number.

For employees of the company, known as Dashers, the hackers may have accessed names, phone numbers, and email addresses.

While DoorDash does not mention the name of the third-party vendor, the food delivery company told TechCrunch that the breach is linked to the same threat actors as the recent cyberattack on Twilio.

DoorDash previously suffered a data breach in 2019 that exposed the data of nearly 5 million customers.

Part of a larger 'Oktapus' phishing campaign

Earlier this month, Twilio disclosed that they were breached after multiple employees fell for an SMS phishing attack that allowed threat actors to access internal systems.

Using this access, the threat actors could access the data of 163 Twilio customers and use that data in further supply-chain attacks.

"To date, our investigation has identified 163 Twilio customers - out of a total customer base of over 270,000 - whose data was accessed without authorization for a limited period of time, and we have notified all of them," explains an updated Twilio security advisory.

The fallout from this attack is just being realized, with Twilio disclosing this week that the hackers were also able to access 93 Authy 2FA accounts as part of the breach.

Signal also disclosed that the breach allowed hackers to access the phone numbers of 1,900 users, with some accounts reregistered to new devices.

However, the attack on Twilio is part of a much larger phishing campaign dubbed 'Oktapus' after the threat actor's targeting of Okta identity management login credentials.

The campaign was discovered by cybersecurity firm Group-IB, which said that the threat actors breached over 130 organizations worldwide using an SMS phishing campaign.

These SMS phishing texts utilized phishing domains containing the keywords "OKTA," "HELP," "VPN," and "SSO" and told targets to click on a link to update their password or access other information.
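One way a defender could hunt for the domain pattern described above in DNS query logs, as an added example that is not from the original article. The log format, the company name "acme", the allowlist, and the rule that a hit must also contain the company name are all assumptions made for illustration.

```python
import re

# Keywords the article says appeared in the phishing domains.
KEYWORDS = ("okta", "help", "vpn", "sso")

# Constructed DNS query log lines (assumed format; "acme" is a hypothetical company).
SAMPLE_LOG = """\
2022-08-01T09:14:02Z client=10.0.4.17 query=acme.okta.com. type=A
2022-08-01T09:14:40Z client=10.0.4.17 query=acme-sso.example. type=A
2022-08-01T09:15:11Z client=10.0.7.3 query=vpn.acme.example. type=A
2022-08-01T09:16:53Z client=10.0.7.3 query=ACME-Okta.example.net. type=A
2022-08-01T09:17:20Z client=10.0.9.8 query=okta.com.acme-help.example. type=A
2022-08-01T09:18:05Z client=10.0.9.8 query=helpdesk.example.org. type=A
"""

QUERY_RE = re.compile(r"client=(\S+)\s+query=(\S+)")


def is_allowlisted(name, allowlist):
    # Compare on whole-label boundaries, so "okta.com.acme-help.example"
    # is not mistaken for a host under the legitimate "okta.com".
    return any(name == d or name.endswith("." + d) for d in allowlist)


def flag_lookalikes(log_text, brand, allowlist):
    """Return (client, hostname, matched_keywords) for suspicious queries."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        # Normalise: DNS names are case-insensitive and may end with a root dot.
        client, name = m.group(1), m.group(2).rstrip(".").lower()
        if is_allowlisted(name, allowlist) or brand not in name:
            continue
        matched = [k for k in KEYWORDS if k in name]
        if matched:
            hits.append((client, name, matched))
    return hits


if __name__ == "__main__":
    own = {"acme.example", "acme.okta.com"}  # assumed legitimate domains
    for client, name, matched in flag_lookalikes(SAMPLE_LOG, "acme", own):
        print(f"{client} queried {name} (keywords: {', '.join(matched)})")
```

Substring matching is deliberately broad and will produce false positives on busy networks, so hits are leads for review rather than verdicts.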

These attacks were very successful, leading to reported data breaches at MailChimp and Klaviyo and an attempted breach of Cloudflare.

Other companies targeted in the attack include Coinbase, KuCoin, Binance, Microsoft, Telus, Verizon Wireless, T-Mobile, AT&T, Sprint, Rogers, Mailgun, Slack, Box, SendGrid, Yahoo, Sykes, BestBuy, and


However, none of these other companies have disclosed whether the attacks were successful.

8/26/22 update: Story updated to clarify that the DoorDash breach was conducted by the same hackers as Twilio but not through Twilio.