Twitter's July 15 hack was caused by hackers stealing employee credentials via phone phishing
2 min. read
Published on
Share this article
Improve this guide
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
On July 15, Twitter suffered a massive hack that compromised accounts of high profile people like Elon Musk, Bill Gates and former President Barak Obama. The attackers ran a Bitcoin financial scam and were able to get away with about $120,000 in Bitcoins. Since the attack, Twitter has been investigating into it and has posted several updates giving us an idea into how the hack was executed.
Now, Twitter has published another update on its support page confirming that the hacker used phishing as a way to get employee credentials and access the internal tools required to take control of the various accounts.
The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools.
Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
The company also noted that it has severely restricted employee access to the internal tools while the investigation is conducted and hence the support requests from users might be delayed. It has also noted that the security systems will be overhauled in order to prevent such an attack in the future.
We’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.
— Support (@Support) July 31, 2020
