Level up your Twilio API skills in TwilioQuest, an educational game for Mac, Windows, and Linux. Download Now
Build the future of communications.
Start building for free
  • By Security
    Twilio’s Response to the Recent Codecov Vulnerability Codecov Post Header

    Twilio believes that the security of our products and our customers’ data is of paramount importance and when an incident occurs that might threaten that security, we tell you about it. To that end, we wanted to provide an overview of the impact we experienced from the recently disclosed Codecov vulnerability and how we managed that event.

    What happened?

    On April 15, 2021, Codecov publicly disclosed a security event where an attacker modified the Bash Uploader component which enabled the attacker to potentially export information stored in continuous integration (CI) environments. Twilio was notified of the event by Codecov and immediately began our security incident response process. We have Codecov tools, including the Bash Uploader component, in use in a small number of our projects and CI pipelines. These projects and CI pipelines are not in the critical path to providing updates or functionality to our communication APIs.

    Our subsequent …

    Read More
  • By Security
    7 Ways To Secure Your Account Jjb7K7gWFgzRVaHJrWGl3hmupmw29IcGiD-MtUFWQltm5pJyDHgGU9lPWOMFkcLbifE4guKJS4R3YwDNyl1BawkphlEt_tuWrdfDXSbkNnLhzTLSU7fRrm4QsnLyACVB9KnHBARF

    Security threats come in from all angles, and keeping track of them all is a constant challenge.

    There are many links that attackers can target in the communication chain — the link between you and your network, your passwords and tokens, and other sensitive places and information.  If your Twilio account is compromised, it can result in massive fraudulent charges, blocked phone numbers, loss of customer trust, and more.

    Here are seven best-practices you can follow to keep your Twilio account — or any account — safer.

    Keep your passphrases strong

    First and foremost, use strong passphrases.

    What does that mean these days? It turns out that a jumble of hard-to-remember characters is not as effective as a longer but easier to remember password. That’s why Twilio requires at least 14 characters but has no “special character” requirements.

    It should go without saying: don’t share your passwords and don’t …

    Read More
  • By Security
    Security Update On SSL Certificate Validation Twilio Bug Logo

    Over the past couple months, Twilio has been testing additional safeguards and checks around SSL certificate validation. During the week of October 12th 2015, we deployed a change to our HTTP proxies to validate SSL certificates. This feature is enabled by default for all new accounts. We have deployed a change to our Account Portal so developers can choose to enable this validation.

    What is the purpose of this safeguard?

    The purpose of the certificate validation process is to prevent Man-in-the-Middle attacks on HTTPS connections.

    How does this safeguard impact me?

    This change impacts customers who use HTTPS endpoints to receive requests from Twilio. If certificate validation is enabled and you are using a self-signed, expired, mis-matched domain or a certificate not issued by a trusted-certificate authority*, HTTP requests to your application from Twilio will fail, which will result in a error notification. Error notifications are available …

    Read More
  • Newer
    Sign up and start building
    Not ready yet? Talk to an expert.