National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team works to raise the level of cyber security by strengthening the protection of the cyberspace of the National Critical Information Infrastructures, the banks and the communication providers of the Republic of Cyprus.

Hackers stole Twitter employee credentials via phone phishing

03 August 2020

Twitter today said that the attackers behind this month’s hack were able to take control of high-profile accounts after stealing Twitter employees’ credentials as part of a phone spear phishing attack on July 15, 2020.

According to the company, the phone-based social engineering attack allowed the attackers to obtain the credentials of a limited set of employees, which made it possible to gain access to Twitter's internal network and support tools.

“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes,” Twitter said.

“This knowledge then enabled them to target additional employees who did have access to our account support tools.”

In all, using credentials of employees with access to internal Twitter support tools, the attackers targeted a total of 130 Twitter accounts, tweeting from 45 of them, accessing the direct messages of 36 (including the inbox of Dutch Member of House of Representatives Geert Wilders), and downloading the Twitter Data for 7 accounts.

The hackers used the accounts they took over following the phone spear phishing attack to push a Bitcoin scam which filled their crypto-wallets with roughly $120,000 worth of bitcoins.

Twitter says that it has “significantly” limited employees' access to its internal systems and support tools during the ongoing investigation, and that it expects response times to some user reports and support needs to be slower until normal operations are resumed.

According to a Reuters report, over 1,000 Twitter contractors and employees had access to the company’s internal tools before the attack.

The company is also improving the tools used to detect and prevent unauthorized access to its internal systems, and is running company-wide phishing exercises to help block similar attacks in the future.

“This was a striking reminder of how important each person on our team is in protecting our service,” Twitter said. “We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”

In earlier updates, Twitter said it had found no evidence that the scammers gained access to the impacted accounts' passwords, and that those passwords would therefore not be reset.

Instead, for 45 of the accounts used to push the Bitcoin scam, the attackers were able to reset passwords and then log into the accounts to send their scam messages.
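The pattern described above, a single operator using the internal support tools to reset the passwords of many accounts within a short time, is exactly the kind of activity that the improved internal detection tooling Twitter mentions would need to catch. The following is an added example, not Twitter's code or tooling: a sliding-window rule and a watchlist rule run over a constructed audit log of a hypothetical account-support tool. The log format, the operator and account names, the timestamps, the thresholds and the watchlist are all assumptions made for illustration.

```python
"""Detection of support-tool abuse over constructed audit log lines.

Added example, not Twitter's code. The log format, names, timestamps,
thresholds and watchlist below are assumptions, not data from the incident.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one line per privileged action in a hypothetical
# support tool: timestamp, operator, action, target account, source IP.
SAMPLE_AUDIT_LOG = """\
2020-07-15T19:58:10Z alice PASSWORD_RESET @coinbase 10.1.4.22
2020-07-15T19:59:02Z alice PASSWORD_RESET @binance 10.1.4.22
2020-07-15T20:00:45Z alice PASSWORD_RESET @Gemini 10.1.4.22
2020-07-15T20:01:30Z alice PASSWORD_RESET @elon_musk 10.1.4.22
2020-07-15T20:03:12Z alice CHANGE_EMAIL @elon_musk 10.1.4.22
2020-07-15T20:05:00Z bob VIEW_ACCOUNT @someuser 10.1.9.7
2020-07-15T20:05:30Z bob PASSWORD_RESET @someuser 10.1.9.7
2020-07-15T21:20:00Z bob PASSWORD_RESET @another 10.1.9.7
"""

# Actions that let an operator take over an account outright (assumed names).
HIGH_RISK_ACTIONS = {"PASSWORD_RESET", "CHANGE_EMAIL", "DISABLE_2FA"}


def parse_line(line):
    """Split one whitespace-separated audit line into a dict."""
    ts, operator, action, target, src_ip = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "operator": operator,
        "action": action,
        "target": target,
        "src_ip": src_ip,
    }


def iter_events(log_text):
    for line in log_text.splitlines():
        if line.strip():
            yield parse_line(line)


def detect_burst_resets(log_text, max_distinct_targets=3,
                        window=timedelta(minutes=10)):
    """Alert once per operator who performs high-risk actions on more than
    max_distinct_targets distinct accounts inside a sliding time window.
    A legitimate support agent rarely resets many unrelated accounts at once;
    an attacker working through a list of targets does."""
    alerts = []
    recent = defaultdict(deque)   # operator -> deque of (ts, target)
    already_alerted = set()
    for ev in iter_events(log_text):
        if ev["action"] not in HIGH_RISK_ACTIONS:
            continue
        q = recent[ev["operator"]]
        q.append((ev["ts"], ev["target"]))
        # Evict events that have fallen out of the window.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        distinct = {t for _, t in q}
        if (len(distinct) > max_distinct_targets
                and ev["operator"] not in already_alerted):
            alerts.append({
                "operator": ev["operator"],
                "first_seen": q[0][0],
                "last_seen": ev["ts"],
                "targets": sorted(distinct),
                "src_ip": ev["src_ip"],
            })
            already_alerted.add(ev["operator"])
    return alerts


def detect_watchlist_touches(log_text, watchlist):
    """Return every high-risk action against a watchlisted account.
    High-profile accounts are few enough that any takeover-capable action
    on them can be reviewed individually (or gated behind a second approver)."""
    return [ev for ev in iter_events(log_text)
            if ev["action"] in HIGH_RISK_ACTIONS and ev["target"] in watchlist]


if __name__ == "__main__":
    for a in detect_burst_resets(SAMPLE_AUDIT_LOG):
        print("BURST", a["operator"], a["src_ip"], a["targets"])
    for h in detect_watchlist_touches(SAMPLE_AUDIT_LOG, {"@elon_musk", "@coinbase"}):
        print("WATCHLIST", h["operator"], h["action"], h["target"])
```

On the constructed log the burst rule fires once, for the operator who resets four distinct accounts in under four minutes, while the second operator's two resets are over an hour apart and stay below the threshold. The watchlist rule is deliberately threshold-free: with a short list of high-profile accounts, every takeover-capable action on one of them is worth a review, regardless of rate.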

Additionally, the company confirmed that the scammers may have also tried to sell some of the accounts they took over.

The Twitter accounts of tech companies (@Apple and @Uber), crypto exchanges (@coinbase, @Gemini, and @binance), tech executives, celebrities, and politicians (@JeffBezos, @BarackObama, @elon_musk, @kanyewest, @JoeBiden, @BillGates, and @WarrenBuffett) are some of the 130 used by the hackers to promote their Bitcoin scam.

The information contained in this website is for general information purposes only. The information is gathered from Bleeping Computer, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.  Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
