Twitter officials continue to post new findings from an investigation of a massive attack earlier this month. Now the company’s engineers said that the hackers used targeted phone phishing to break into Twitter.Let me remind you that the break was the largest in the history of the social network. Accounts of many public people and large companies were compromised, including Bill Gates, Elon Musk, Jeff Bezos, Apple and Uber, the CoinDesk, Binance and Gemini exchanges, and so on.
The cybercriminals took advantage of the access to the top accounts by arranging a fake distribution of bitcoins. The scammers acted according to the classic scam scheme: on behalf of famous people and large companies, they asked to send them a small amount of cryptocurrency, promising to double and return any amount received. Thus, the scammers “earned” about 13 BTC, or about $120,000.
“The attack affected a relatively small number of recorded records. Only 130 accounts were hacked, and 45 of them were successfully reset and compromised – the attackers posted fraudulent messages on behalf of these accounts”, – the company said then.
For another 7 accounts, the attackers downloaded all available account content using the Your Twitter Data function. Interestingly, none of these 7 accounts were verified (had no blue checkmark). The attackers also separately viewed the private messages of the owners of the 36 compromised accounts. Moreover, one of these accounts belonged to an unnamed Dutch politician.
Yesterday, July 30, 2020, Twitter representatives released new details revealed during the investigation. It is reported that the recent attack on the social network was the result of the compromise of several company employees at once.
It turned out that on July 15, 2020, scammers staged a phishing attack over the phone and used social engineering. When the credentials stolen from one of the employees prevented the hackers from accessing Twitter’s internal tools, the attackers attacked other employees in the company who had rights and access to the tools to manage user accounts.
“Not all of the attacked employees were authorized to use the account management tools, but the attackers used their credentials to access our internal systems and obtain information about our processes. This information allowed them to attack other employees who had access to our support tools”, — the company representatives write.
After the attack and during the investigation, Twitter severely restricted its employees’ access to internal tools and systems, the company said. These restrictions primarily apply to the Your Twitter Data feature, which allows users to download all of their data from Twitter, but the restrictions also apply to other services.
“We will be slower to respond to account support requests, Twitter complaints, and apps on our developer platform. We regret any delays that arise, but we believe this is a necessary precaution as we make long-term changes to our processes and tools following the incident. We will gradually return to normal response times, but only when we are sure that it is safe”, — the developers promise.
User Review( votes)