We select and review products independently. When you purchase through our links we may earn a commission. Learn more.

Twitter Says a Phone Spear Phishing Attack Led to Its Bitcoin Scam

A smudged Twitter logo surrounded by binary.

Recently, Twitter suffered a giant hack that led to high-profile verified accounts tweeting out bitcoin scams. Hackers managed to infiltrate Twitter’s systems and use the company’s internal tools to commandeer Twitter accounts for Bill Gates, Elon Musk, Apple, and more. Now in a new update, Twitter says a phone spear phishing campaign led to all the damage.

While we knew the hackers used some form of social engineering tactic until now, we could speculate on the specific method used. Twitter says the hackers targeted employees through a phone spear phishing attack. Presumably, that involved calling Twitter employees and posing as security employees or co-workers. If that sounds like a scene out of a bad hacking movie to you, you’re not wrong.

Not every Twitter employee has access to account modification tools. So while the hackers were successful in compromising employee accounts, that didn’t immediately give access to the tools to take over accounts. But that access allowed the hackers to examine Twitter’s internal structures and determine which employees were better targets.

From there, the hackers targeted employees with account modification access. Once they had the tools, they started the real work. Over the course of several hours, the hackers targeted 130 accounts, tweeted from 45, and accessed the direct messages of 36 users. Additionally, they downloaded data from seven accounts (down from the original eight the company claimed).

In the aftermath, Twitter disabled user tools to help stem the tide of damage, and while most of those options are back online, the “download your data” feature remains disabled.

Twitter says it’s investigating ways to prevent another attack like this, including “improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.”

Source: Twitter

Josh Hendrickson Josh Hendrickson
Josh Hendrickson is the Editor in Chief of Review Geek and is responsible for the site's content direction. He has worked in IT for nearly a decade, including four years spent repairing and servicing computers for Microsoft. He’s also a smart home enthusiast who built his own smart mirror with just a frame, some electronics, a Raspberry Pi, and open-source code. Read Full Bio »