Recently, Twitter was hit by a giant hack that led to high-profile verified accounts tweeting out bitcoin scams. Hackers managed to infiltrate Twitter's systems and use the company's internal tools to commandeer the Twitter accounts of Bill Gates, Elon Musk, Apple and more. Now, in a new update, Twitter says that a spear phishing campaign led to all the damage.
While we knew that the hackers had used some form of social engineering, so far we could only speculate on the specific method used. Twitter says the hackers targeted employees through a phone spear phishing attack. That probably involved calling Twitter employees and posing as security employees or other employees. If this sounds like a bad hacking scene to you, you are not wrong.
Not every Twitter employee has access to account modification tools. So while the hackers managed to compromise employee accounts, that did not provide immediate access to the tools needed to take over accounts. But this access enabled the hackers to examine Twitter's internal structures and determine which employees were better targets.
The attack on 15 July 2020 was aimed at a small number of employees through a phone spear phishing attack. This attack relied on a significant and coordinated attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.
– Twitter Support (@TwitterSupport) July 31, 2020
From there, the hackers targeted employees with access to account modification tools. Once they had the tools, they started the real work. Over several hours, the hackers targeted 130 accounts, tweeted from 45 and accessed the direct messages of 36 users. In addition, they downloaded data from seven accounts (down from the original eight that the company claimed).
In the aftermath, Twitter disabled user tools to help prevent damage, and while most of these options are back online, the "download your data" feature remains disabled.
Twitter says it is exploring ways to prevent another attack like this, including “improving our methods of detecting and preventing inappropriate access to our internal systems and prioritizing security work in many of our teams.”