On July 15, hackers posted tweets from several prominent, verified Twitter users’ accounts, falsely claiming that any bitcoin sent to a certain address would be paid back in double. The scam netted the hackers 400 payments with a total value of $121,000 — a tidy sum for a handful of tweets.
Now, Twitter has revealed what it’s learned about how this hack took place, stating that it “relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to [Twitter’s] internal systems.”
“The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack,” wrote Twitter in a blog post on Thursday. “A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools.
“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools.
“Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.”
Twitter’s blog post doesn’t list which accounts were affected, though some of the figures whose accounts were tweeted from include Elon Musk, Barack Obama, Joe Biden, and Bill Gates.
Twitter didn’t give much detail on how the hackers manipulated employees, but since it did note it was a phone spear phishing attack, it’s likely the hackers called or texted Twitter employees and pretended to be someone else to get them to relay information. The culprits may be young hackers who met through a network of people who steal unique usernames, according to the New York Times.
In addition to sharing information about the hack, Twitter emphasised its security measures, stating that it is examining how it can make them “even more sophisticated.” The social media company has also “significantly limited access to our internal tools and systems” during the ongoing investigation into the breach, which unfortunately is impeding its support response.
“As a result, some features (namely, accessing the Your Twitter Data download feature) and processes have been impacted. We will be slower to respond to account support needs, reported Tweets, and applications to our developer platform,” said Twitter.
“We’re sorry for any delays this causes, but we believe it’s a necessary precaution as we make durable changes to our processes and tooling as a result of this incident. We will gradually resume our normal response times when we’re confident it’s safe to do so.”
Twitter says it will provide more technical details of the hack at a later date “after we’ve completed work to further safeguard our service.” In the meantime, it might be a good idea to turn on two-factor authentication on your account for a bit of extra security. It may not have helped in this case, but it can’t hurt.