Twitter hackers used targeted phone phishing

Twitter officials continue to post new findings from their investigation of a massive attack earlier this month. The company’s engineers now say that the hackers used targeted phone phishing to break into Twitter.

As a reminder, the breach was the largest in the history of the social network. The accounts of many public figures and large companies were compromised, including Bill Gates, Elon Musk, Jeff Bezos, Apple and Uber, the CoinDesk, Binance and Gemini exchanges, and so on.

The cybercriminals took advantage of their access to the top accounts by staging a fake bitcoin giveaway. The scammers followed the classic scheme: on behalf of famous people and large companies, they asked users to send them a small amount of cryptocurrency, promising to double and return any amount received. In this way, the scammers “earned” about 13 BTC, or about $120,000.

“The attack affected a relatively small number of recorded records. Only 130 accounts were hacked, and 45 of them were successfully reset and compromised – the attackers posted fraudulent messages on behalf of these accounts”, – the company said then.

For another 7 accounts, the attackers downloaded all available account content using the Your Twitter Data function. Interestingly, none of these 7 accounts were verified (they had no blue checkmark). The attackers also separately viewed the private messages of the owners of 36 compromised accounts. Moreover, one of these accounts belonged to an unnamed Dutch politician.

Yesterday, July 30, 2020, Twitter representatives released new details revealed during the investigation. It is reported that the recent attack on the social network was the result of the compromise of several company employees at once.

It turned out that on July 15, 2020, scammers staged a phishing attack over the phone and used social engineering. When the credentials stolen from one of the employees did not give the hackers access to Twitter’s internal tools, the attackers targeted other employees in the company who had rights and access to the tools for managing user accounts.

“Not all of the attacked employees were authorized to use the account management tools, but the attackers used their credentials to access our internal systems and obtain information about our processes. This information allowed them to attack other employees who had access to our support tools”, — the company representatives write.

After the attack and during the investigation, Twitter severely restricted its employees’ access to internal tools and systems, the company said. These restrictions primarily apply to the Your Twitter Data feature, which allows users to download all of their data from Twitter, but the restrictions also apply to other services.

“We will be slower to respond to account support requests, Twitter complaints, and apps on our developer platform. We regret any delays that arise, but we believe this is a necessary precaution as we make long-term changes to our processes and tools following the incident. We will gradually return to normal response times, but only when we are sure that it is safe”, — the developers promise.


About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
