Twitter Hackers Used 'Phone Spear Phishing Attack' to Pull Off Bitcoin Scam
According to the company, a small number of employees were targeted in a "phone spear phishing attack," suggesting that hackers called some of its staff and duped them into thinking they were speaking with fellow Twitter employees, leading them to reveal the credentials the hackers needed to access internal account support tools.
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.
Twitter previously called the hack a "coordinated social engineering attack" that had targeted some employees with access to internal systems. The internal tools were used to target 130 accounts, and for 45 of those accounts, hackers initiated a password reset and had full access to the account to send tweets.
For the 130 accounts that were breached, which included the accounts of Tesla CEO Elon Musk, former U.S. President Barack Obama, former Microsoft CEO Bill Gates, Amazon CEO Jeff Bezos, presidential candidate Joe Biden, and others, hackers were able to see personal information like email addresses and phone numbers, and for some accounts taken over, additional information was available, including Direct Messages.
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems. — Twitter Support (@TwitterSupport) July 31, 2020
Following the attack, Twitter temporarily locked accounts for some users and limited features. Most of those features are now back, but some, such as the "Your Twitter Data" download feature, are still not working as usual.
Twitter says it is taking a "hard look" at how it can improve the sophistication of its internal tools and systems, and in the meantime it has significantly limited access to them until it can safely resume normal operations.