Twitter said that a high-profile hack earlier this month first targeted a small number of employees through a phone “spear phishing” attack, using their credentials to access the system and contact other staffers who had access key support tools.
“Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7,” the company said in the latest update on the breach posted on its blog.
Scammers hacked the accounts of Barack Obama, Kanye West, Elon Musk, Joe Biden, Bill Gates and other big names, asking – and getting — people to send money to a Bitcoin account listed on fake Tweets. The FBI is investigating the July 15 breach, which raised fresh concerns about the security of Twitter’s data and its implications.
Spear phishing, which isn’t particularly sophisticated, is targeting specific individuals to trick them into giving up confidential information.
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter said.
July 30, 2020
As our investigation continues, we’re sharing an update to answer some of the remaining questions based on what we’ve discovered to date. We will provide a more detailed technical report on what occurred at a later date given the ongoing law enforcement investigation and after we’ve completed work to further safeguard our service.
What we know now
The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
There has been concern following this incident around our tools and levels of employee access. To run our business, we have teams around the world that help with account support. Our teams use proprietary tools to help with a variety of support issues as well as to review content in line with The Twitter Rules and respond to reports. Access to these tools is strictly limited and is only granted for valid business reasons. We have zero tolerance for misuse of credentials or tools, actively monitor for misuse, regularly audit permissions, and take immediate action if anyone accesses account information without a valid business reason. While these tools, controls, and processes are constantly being updated and improved, we are taking a hard look at how we can make them even more sophisticated.
This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems. This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.
We’ve communicated directly with the impacted account owners and worked to restore access to any accounts who may have been temporarily locked out during our remediation efforts. Our investigation is ongoing, and we are working with the appropriate authorities to ensure that the people responsible for this attack are identified.
Subscribe to Deadline Breaking News Alerts and keep your inbox happy.