top | item 37577236

Ask HN: Daily Twilio OTP attacks, why, just why?

4 points| sf4lifer | 2 years ago

We're experiencing daily twilio OTP attacks that create accounts. We block IPs and have throttled rate of account creation. But other than running up our bills (~$10 / day) I don't understand what they gain from this. Why are they doing this? What am I missing?

5 comments

leftcenterright|2 years ago

Most likely this is being abused for SMS pumping fraud where rogue network providers/small providers complicit in fraud use the traffic to generate revenue.

- https://support.twilio.com/hc/en-us/articles/8360406023067-S...

tripue|2 years ago

They often take a share of the revenue from those attacks through iprn number or other fraud schemes

sf4lifer|2 years ago

Interesting! That would explain motivation. Any insight on how to track if we're on one of those lists and remove ourselves?

Raed667|2 years ago

If your business is local, maybe limit the accepted numbers to a specific area or country.

Otherwise try to understand if they're automating account creation or are they doing it manually? maybe a captcha/turnstile during sing-up can slow them down?

Anyway, Twillio really dropped the ball on this problem, but why should they care as long as it keeps making them money?