After several verified ("blue tick") Twitter accounts, including Kim Kardashian's and Elon Musk's, were hacked, Twitter has released an update on how this large-scale compromise took place.
The attack took place on July 15, with the hackers using numerous popular, verified Twitter accounts to post false claims that bitcoin sent to a particular address would be paid back double. The scheme collected a total of 400 payments amounting to a neat $121,000.
Twitter has now disclosed the new information it uncovered: the “attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to Twitter’s internal systems”.
This act of “social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack”, Twitter wrote in a blog post on Thursday. While “[n]ot all of the employees that were initially targeted had permissions to use account management tools”, the information about internal processes that the attackers gained from this first round “enabled them to target additional employees who did have access to our account support tools”.
Twitter further reveals that “the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7”. While Twitter did not explicitly state which accounts were affected, known accounts that the hackers tweeted from include Kim Kardashian’s, Barack Obama’s, Elon Musk’s, and Bill Gates’.
Twitter also did not share much detail on how its employees were targeted, but given that it was a “phone spear phishing attack”, it seems probable that the hackers texted or called Twitter employees under false identities to glean information from them. According to The New York Times, the offenders are likely young hackers who appear to have met through a network of people who steal and trade unique usernames.
Aside from disclosing how the hackers were able to orchestrate this scam, Twitter also unveiled its novel safety features including how they have “significantly limited access to our internal tools and systems to ensure ongoing account security”.
As a result, Twitter “will be slower to respond to account support needs, reported Tweets, and applications to [Twitter’s] developer platform”, but stronger safeguards seem worth the wait. The company assures users that it “will gradually resume [its] normal response times when [it is] confident it’s safe to do so”.
Twitter says it “will continue to share updates and precautionary steps”; in the meantime, do take care to turn on two-factor authentication and consider protecting your tweets.
Featured image by Mika Baumeister on Unsplash