Twitter has provided another update on the security breach two weeks ago that saw the Twitter accounts of Apple and other high-profile figures and companies hacked by bitcoin scammers.
According to the company, a small number of employees were targeted in a "phone spear phishing attack," suggesting that hackers called some of its staff and duped them into thinking they were speaking with fellow Twitter employees, leading them to reveal the credentials the hackers needed to access internal account support tools.
Twitter previously called the hack a "coordinated social engineering attack" that had targeted some employees with access to internal systems. The internal tools were used to target 130 accounts, and for 45 of those accounts, hackers initiated a password reset and had full access to the account to send tweets.
For the 130 accounts that were breached, which included the accounts of Tesla CEO Elon Musk, former U.S. President Barack Obama, former Microsoft CEO Bill Gates, Amazon CEO Jeff Bezos, presidential candidate Joe Biden, and others, hackers were able to see personal information like email addresses and phone numbers, and for some accounts taken over, additional information was available, including Direct Messages.
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems. — Twitter Support (@TwitterSupport) July 31, 2020
Following the attack, Twitter temporarily locked accounts for some users and limited features. Most of those features are now back, but some, such as the "Your Twitter Data" download feature, are still not working as usual.
Twitter says it is taking a "hard look" at how it can improve the sophistication of its internal tools and systems, and in the meantime it has significantly limited access to them until it can safely resume normal operations.
Top Rated Comments
Right. It's always been easier to convince someone to give you the key than figuring out how to make the key.
Despite all the sophisticated security measures a company might take, in the end it’s the human factor that brings it all down...
Bizarre that Twitter employees have an internal tool that gives them permission to post in your name on your Twitter accounts. What if Twitter decided to commandeer all those millions of fake or dormant accounts to manipulate or misinform the public? What if they already do this to some extent? And how much editorial power do they have to control what is allowed to ‘trend’ in a positive or negative light? Social engineering should be regulated otherwise it belongs to the highest bidders and advertisers. We’ve already seen how these platforms can be gamed with dark money to cause division and harm.
Was it just me or it is actually baffling to hear that their employees were victims of a phone spear phishing attack, which somehow gave the hackers access to Twitter's "internal tool"?
This is just bizarre.........