Recently, Twitter suffered a massive hack that led to high-profile verified accounts tweeting out bitcoin scams. Hackers managed to infiltrate Twitter's systems and use the company's internal tools to commandeer Twitter accounts for Bill Gates, Elon Musk, Apple, and more. Now, in a new update, Twitter says a phone spear phishing campaign led to all the damage.
While we knew the hackers used some form of social engineering tactic, until now we could only speculate on the specific method used. Twitter says the hackers targeted employees through a phone spear phishing attack. Presumably, that involved calling Twitter employees and posing as security staff or co-workers. If that sounds like a scene out of a bad hacking movie to you, you're not wrong.
Not every Twitter employee has access to account modification tools. So while the hackers were successful in compromising employee accounts, that didn't immediately give them access to the tools used to take over accounts. But that access allowed the hackers to examine Twitter's internal structures and determine which employees were better targets.
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.
— Twitter Support (@TwitterSupport) July 31, 2020
From there, the hackers targeted employees with account modification access. Once they had the tools, they started the real work. Over the course of several hours, the hackers targeted 130 accounts, tweeted from 45, and accessed the direct messages of 36 users. Additionally, they downloaded data from seven accounts (down from the original eight the company claimed).
In the aftermath, Twitter disabled user tools to help stem the tide of damage, and while most of those options are back online, the "download your data" feature remains disabled.
Twitter says it's investigating ways to prevent another attack like this, including "improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams."