On July 15, Twitter suffered a massive hack that compromised the accounts of high-profile people such as Elon Musk, Bill Gates and former President Barack Obama. The attackers ran a Bitcoin scam and made off with about $120,000 in Bitcoin. Since the attack, Twitter has been investigating it and has posted several updates giving an idea of how the hack was executed.
Now, Twitter has published another update on its support page confirming that the attackers used phone spear phishing to obtain employee credentials and reach the internal tools required to take control of the targeted accounts.
The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools.
Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
The company also noted that it has significantly limited employee access to its internal tools while the investigation continues, so support requests from users may be delayed. It also said it is accelerating security improvements to its tools and to its detection of inappropriate access to internal systems in order to prevent such an attack in the future.
We’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.
— Twitter Support (@TwitterSupport) July 31, 2020
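Twitter's account of the incident describes two signals a defender could have looked for: sensitive support-tool actions performed by employees who were never entitled to use the tool, and a single entitled operator touching an unusual number of distinct accounts in a short time (the attackers reached 130 accounts, reading 36 DM inboxes and exporting 7 data archives). The following is an added example, not Twitter's code: it runs both checks over a constructed audit log. The log format, the action names, the authorized-staff list and the thresholds are all hypothetical and chosen for illustration.

```python
"""Detect inappropriate use of an internal account-support tool (added example).

The log format, role list and thresholds here are hypothetical; a real
deployment would read them from the tool's own audit trail and IAM system.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Actions that change or expose an account; viewing a public profile is not one.
SENSITIVE_ACTIONS = {"reset_email", "reset_2fa", "read_dm", "export_data"}

# Hypothetical set of employees entitled to use the account-support tool.
AUTHORIZED_SUPPORT_STAFF = {"alice", "bob", "carol"}

# Constructed audit-log lines (hypothetical format):
# timestamp | employee | source_ip | action | target_account
SAMPLE_LOG = """\
2020-07-15T19:58:01Z | alice | 10.1.4.22 | view_profile | acct_1001
2020-07-15T19:58:40Z | alice | 10.1.4.22 | reset_email  | acct_1001
2020-07-15T20:01:12Z | bob   | 10.1.7.9  | read_dm      | acct_2001
2020-07-15T20:01:30Z | bob   | 10.1.7.9  | reset_email  | acct_2002
2020-07-15T20:02:05Z | bob   | 10.1.7.9  | read_dm      | acct_2003
2020-07-15T20:02:48Z | bob   | 10.1.7.9  | read_dm      | acct_2004
2020-07-15T20:03:20Z | bob   | 10.1.7.9  | export_data  | acct_2005
2020-07-15T20:04:02Z | bob   | 10.1.7.9  | reset_email  | acct_2006
2020-07-15T20:05:00Z | carol | 10.1.9.3  | export_data  | acct_3001
2020-07-15T20:06:11Z | dave  | 10.1.2.77 | read_dm      | acct_4001
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    employee: str
    src_ip: str
    action: str
    target: str


def parse_log(text):
    """Parse pipe-delimited audit lines into Event objects, oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, emp, ip, action, target = [f.strip() for f in line.split("|")]
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                            emp, ip, action, target))
    return sorted(events, key=lambda e: e.ts)


def unauthorized_sensitive_actions(events, authorized=AUTHORIZED_SUPPORT_STAFF):
    """Sensitive actions by a principal outside the entitled group.

    This is the case where stolen credentials of an employee who should never
    have had tool access are nonetheless used against the tool.
    """
    return [e for e in events
            if e.action in SENSITIVE_ACTIONS and e.employee not in authorized]


def high_fanout_operators(events, window=timedelta(minutes=10), max_accounts=5):
    """Entitled operators whose sensitive actions touch more than max_accounts
    distinct accounts inside any sliding time window.

    Returns {employee: peak distinct accounts seen in one window}.
    """
    by_emp = defaultdict(list)
    for e in events:
        if e.action in SENSITIVE_ACTIONS:
            by_emp[e.employee].append(e)

    flagged = {}
    for emp, evs in by_emp.items():
        evs.sort(key=lambda e: e.ts)
        in_window = Counter()   # target account -> occurrences inside window
        left = 0
        peak = 0
        for e in evs:
            in_window[e.target] += 1
            # Slide the left edge forward until the window fits.
            while e.ts - evs[left].ts > window:
                old = evs[left].target
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak > max_accounts:
            flagged[emp] = peak
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for e in unauthorized_sensitive_actions(evs):
        print(f"UNAUTHORIZED: {e.employee} did {e.action} on {e.target} at {e.ts}")
    for emp, n in high_fanout_operators(evs).items():
        print(f"HIGH FAN-OUT: {emp} touched {n} distinct accounts in one window")
```

The first check is a pure policy violation and should page immediately. The second is a rate signal: a legitimate support agent resolving tickets rarely reads DMs or exports data for six different accounts in three minutes, whereas an attacker working through a target list does exactly that, so the threshold should be tuned from the team's normal per-operator baseline rather than fixed at the value used here.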