Text/SMS messages, call meta data and voice recordings stored in Twilio accounts were exposed in as many as 685 apps used by 180 million people.
'We believe that the data may potentially include business and personal discussions such as negotiations, pricing discussions, confidential recruiting calls, proprietary product and technology disclosures, health diagnoses, market data, and M&A planning. A motivated attacker with automated tools to convert the audio to text and search for specific keywords will almost certainly be rewarded with valuable data.' The vulnerability emerged when Twilio's developers, in violation of documented guidelines for secure use of credentials and tokens, erroneously configured all apps that used Twilio's services to leak audio and message-based communications.
