Recently, Twitter suffered a giant hack that led to high-profile verified accounts tweeting out bitcoin scams. Hackers managed to infiltrate Twitter’s systems and use the company’s internal tools to commandeer Twitter accounts for Bill Gates, Elon Musk, Apple, and more. Now in a new update, Twitter says a phone spear phishing campaign led to all the damage.
While we knew the hackers used some form of social engineering tactic until now, we could speculate on the specific method used. Twitter says the hackers targetted employees through a phone spear phishing attack. Presumably, that involved calling Twitter employees and posing as security employees or co-workers. If that sounds like a scene out of a bad hacking movie to you, you’re not wrong.
Not every Twitter employee has access to account modification tools. So while the hackers were successful in compromising employee accounts, that didn’t immediately give access to the tools to take over accounts. But that access allowed the hackers to examine Twitter’s internal structures and determine which employees were better targets.
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.
— Twitter Support (@TwitterSupport) July 31, 2020
From there, the hackers targetted employees with account modification access. Once they had the tools, they started the real work. Over the course of several hours, the hackers targeted 130 accounts, tweeted from 45, and accessed the direct messages of 36 users. Additionally, they downloaded data from seven accounts (down from the original eight the company claimed).
In the aftermath, Twitter disabled user tools to help stem the tide of damage, and while most of those options are back online, the “download your data” feature remains disabled.
Twitter says it’s investigating ways to prevent another attack like this, including “improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.”