from Hacker News

Ask HN: Daily Twilio OTP attacks, why, just why?

by sf4lifer on 9/19/23, 9:44 PM with 5 comments

We're experiencing daily Twilio OTP attacks that create accounts. We block IPs and have throttled the rate of account creation. But other than running up our bills (~$10 / day) I don't understand what they gain from this. Why are they doing this? What am I missing?
  • by leftcenterright on 9/20/23, 7:24 PM

    Most likely this is being abused for SMS pumping fraud where rogue network providers/small providers complicit in fraud use the traffic to generate revenue.

    - https://support.twilio.com/hc/en-us/articles/8360406023067-S...

  • by tripue on 9/19/23, 9:52 PM

    They often take a share of the revenue from those attacks through IPRN numbers or other fraud schemes.
  • by Raed667 on 9/20/23, 4:33 PM

    If your business is local, maybe limit the accepted numbers to a specific area or country.

    Otherwise, try to understand whether they're automating account creation or doing it manually. Maybe a captcha/Turnstile during sign-up can slow them down?

    Anyway, Twilio really dropped the ball on this problem, but why should they care as long as it keeps making them money?
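
The two mitigations raised in this thread, throttling and restricting accepted numbers to the countries you serve, can be combined in a gate that runs before any OTP SMS is sent. This is an added example, not code from any commenter or from Twilio; the class name, the thresholds, and the idea of rate-limiting per number block (numbers that differ only in their last two digits) are assumptions for illustration.

```python
import time
from collections import defaultdict, deque

# Assumed policy values for illustration; tune them to your own traffic.
# Calling-code prefixes are coarse: "+1" covers the whole NANP, not one country.
ALLOWED_CALLING_CODES = ("+1", "+44")
BLOCK_SUFFIX_DIGITS = 2    # numbers sharing all but the last 2 digits form one block
MAX_PER_BLOCK = 3          # OTP sends allowed per block per window
WINDOW_SECONDS = 600


class OtpSendGate:
    """Decide whether an OTP SMS may be sent, before calling the SMS provider."""

    def __init__(self):
        self._sent = defaultdict(deque)  # number block -> timestamps of allowed sends

    def check(self, e164_number, now=None):
        now = time.time() if now is None else now
        digits = e164_number[1:]
        if not (e164_number.startswith("+") and digits.isdigit() and 8 <= len(digits) <= 15):
            return (False, "malformed")
        if not e164_number.startswith(ALLOWED_CALLING_CODES):
            return (False, "country_not_allowed")
        block = e164_number[:-BLOCK_SUFFIX_DIGITS]
        window = self._sent[block]
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()             # forget sends older than the window
        if len(window) >= MAX_PER_BLOCK:
            return (False, "block_rate_limited")
        window.append(now)               # only allowed sends count toward the limit
        return (True, "ok")


def run_demo():
    gate = OtpSendGate()
    # Constructed sample sign-up attempts: (seconds offset, number).
    attempts = [
        (0, "+14155550101"), (5, "+14155550102"), (9, "+14155550103"),
        (12, "+14155550104"),    # 4th hit on the same block inside the window
        (20, "+99212345678"),    # calling code outside the allowlist
        (30, "+442079460000"),   # different block, allowed country
        (700, "+14155550105"),   # same block again after the window expired
    ]
    return [gate.check(number, now=t)[1] for t, number in attempts]
```

Rejections should be logged with their reason so that a burst of `country_not_allowed` or `block_rate_limited` results shows up in monitoring before it shows up on the bill.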