
Twitter says a phone spear phishing attack led to its Bitcoin scam – Review Geek




Recently, Twitter was hit by a giant hack that led to high-profile verified accounts tweeting out bitcoin scams. Hackers managed to infiltrate Twitter's systems and use the company's internal tools to commandeer Twitter accounts for Bill Gates, Elon Musk, Apple and more. Now, in a new update, Twitter says that a phone spear phishing campaign led to all the damage.

While we knew that the hackers had used some form of social engineering, until now we could only speculate on the specific method. Twitter says the hackers targeted employees through a phone spear phishing attack. It probably involved calling Twitter employees and posing as security staff or other employees. If this sounds like a bad hacking scene to you, you are not wrong.

Not every Twitter employee has access to account modification tools. So while the hackers managed to compromise employee accounts, that did not give them immediate access to the tools needed to take over accounts. But this access let the hackers examine Twitter's internal structures and determine which employees were better targets.

From there, the hackers targeted employees with access to account modification tools. Once they had the tools, they started the real work. Over several hours, the hackers targeted 130 accounts, tweeted from 45 and accessed direct messages from 36 users. In addition, they downloaded data from seven accounts (down from the original eight that the company claimed).

In the aftermath, Twitter disabled user tools to help prevent damage, and while most of these options are back online, the "download your data" feature remains disabled.

Twitter says it is exploring ways to prevent another attack like this, including “improving our methods of detecting and preventing inappropriate access to our internal systems and prioritizing security work in many of our teams.”

Source: Twitter



