Hackread reports that U.S. cloud communications firm Twilio has dismissed the purported breach of its platform and its cloud-based email delivery subsidiary SendGrid after the threat actor "Satanic" claimed to exfiltrate data from 848,960 SendGrid customers from its systems.Information allegedly pilfered from SendGrid included not only customers' emails, addresses, phone numbers, and social media profiles, but also company-level data, financial details, employee and executive data, and corporate tech stack details, according to Satanic, which was previously involved in the September attack against mobile geolocation tracking service Tracelo. "To the best of our knowledge, after reviewing a sampling of this data, we believe that none of this data originated from SendGrid," said a Twilio spokesperson. Such a development comes after Twilio was linked to separate data breaches last year, with the firm having almost 12,000 call records exposed by third-party software in September and a dataset with 33 million Twilio Authy users' phone numbers leaked by the ShinyHunters gang in July.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
The vulnerability, tracked as CVE-2026-12957, allowed attackers to execute arbitrary commands by embedding malicious code in workspace configuration files.
