Twitter has now disclosed that last month's hacks of high-profile accounts were carried out by attackers who obtained the credentials of some of its employees. Employees with access to internal tools and account support were targeted with phone spear phishing to obtain their credentials and, through them, access to the accounts.
Twitter Explains How the High-profile Accounts Were Hacked:
After completing its investigation into the hacking of high-profile accounts, Twitter has now explained how it happened. Twitter Support, the company's official handle for support updates, described the incident yesterday in a series of tweets.
It said the attackers targeted a few employees via phone spear-phishing to obtain credentials for the company's internal network. This gave them access to those employees' accounts and let them learn the internal processes for handling accounts. They then started targeting more employees who had access to the company's account management and support tools.
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.
— Twitter Support (@TwitterSupport) July 31, 2020
In this way, the attackers were able to access 130 accounts, tweeted from 45 of them, read the direct messages of 36 and downloaded the Twitter data of 7.
High-profile accounts such as those of Barack Obama, Kanye West, Kim Kardashian, Bill Gates, Jeff Bezos and Elon Musk, and corporate accounts such as Apple, Uber, Gemini, Binance and Coinbase, were among those breached.
They used these accounts to post a fake cryptocurrency giveaway campaign with a Bitcoin address to which victims were asked to send funds. So far, the attackers have received over $120,000 worth of Bitcoin at that address. Twitter now also says the attackers may have tried to sell some of the account usernames.
Lastly, the company says it has significantly limited employee access to account management tools, which means it is responding to user reports more slowly. It is also running company-wide phishing exercises and improving its tools for detecting and preventing unauthorized access to Twitter's internal systems.
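Twitter does not describe its internal tooling or detection logic, so the following is an added example, not Twitter's code. It is a small Python detector run over constructed audit lines from a hypothetical account-support tool; it flags an operator who performs sensitive actions (email change, password reset, DM read, data export) on verified accounts or who touches an unusual number of distinct verified accounts within a short window, which is the pattern a stolen support credential produces. The log format, field names, operator IDs, target handles and thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed audit-log sample for a hypothetical internal account-support tool.
# One line per operator action; "verified=1" marks a high-profile account.
SAMPLE_LOG = """\
2020-07-15T20:01:12Z operator=emp17 action=view_profile target=@user_a verified=0
2020-07-15T20:03:40Z operator=emp17 action=change_email target=@brand_x verified=1
2020-07-15T20:04:02Z operator=emp17 action=reset_password target=@brand_x verified=1
2020-07-15T20:05:30Z operator=emp17 action=change_email target=@ceo_y verified=1
2020-07-15T20:06:11Z operator=emp17 action=read_dms target=@ceo_y verified=1
2020-07-15T20:07:55Z operator=emp17 action=export_data target=@ceo_y verified=1
2020-07-15T20:09:03Z operator=emp17 action=change_email target=@exchange_z verified=1
2020-07-15T20:10:18Z operator=emp17 action=change_email target=@founder_w verified=1
2020-07-15T09:12:00Z operator=emp04 action=view_profile target=@user_b verified=0
2020-07-15T09:30:00Z operator=emp04 action=reset_password target=@user_b verified=0
2020-07-15T14:30:00Z operator=emp04 action=view_profile target=@user_c verified=0
"""

# Actions that change account ownership or expose private data: the capabilities
# an attacker needs to tweet as the victim, read DMs or download account data.
SENSITIVE_ACTIONS = {"change_email", "reset_password", "read_dms", "export_data"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) operator=(?P<op>\S+) action=(?P<action>\S+) "
    r"target=(?P<target>\S+) verified=(?P<verified>[01])$"
)


def parse_log(text):
    """Parse the constructed audit format into event dicts, oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable audit line: {line!r}")
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "operator": m["op"],
            "action": m["action"],
            "target": m["target"],
            "verified": m["verified"] == "1",
        })
    return sorted(events, key=lambda e: e["ts"])


def detect(events, window=timedelta(minutes=30), max_verified_targets=3):
    """Two rules evaluated per operator.

    1. sensitive_action_on_verified: every sensitive action against a verified
       account is alerted individually (low volume, high value).
    2. verified_account_burst: one operator touching >= max_verified_targets
       distinct verified accounts inside `window` fires once, at the moment the
       threshold is crossed. A support agent rarely needs that many high-profile
       accounts in half an hour; someone using a stolen credential does.
    """
    alerts = []
    by_operator = defaultdict(list)
    for e in events:
        by_operator[e["operator"]].append(e)  # input is time-sorted, so each list is too

    for op, evs in by_operator.items():
        for e in evs:
            if e["verified"] and e["action"] in SENSITIVE_ACTIONS:
                alerts.append({"rule": "sensitive_action_on_verified", "operator": op,
                               "target": e["target"], "action": e["action"], "ts": e["ts"]})
        for i, e in enumerate(evs):
            start = e["ts"] - window
            targets = {x["target"] for x in evs[:i + 1]
                       if x["ts"] >= start and x["verified"]}
            if len(targets) >= max_verified_targets:
                alerts.append({"rule": "verified_account_burst", "operator": op,
                               "targets": sorted(targets), "ts": e["ts"]})
                break  # one burst alert per operator per run is enough
    return alerts


def flagged_operators(text):
    """Operators with at least one alert for the given log text, sorted."""
    return sorted({a["operator"] for a in detect(parse_log(text))})


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the constructed sample, emp04's routine password reset on an unverified account raises nothing, while emp17 is flagged both for each sensitive action on a verified account and for the burst at 20:09:03, when the third distinct verified account is touched within 30 minutes. In practice the thresholds would be tuned against the real rate at which support staff handle verified accounts, and a burst alert is a reason to revoke the operator's session and re-verify the person, not just to log it.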