Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Massive Twitter hack was caused by spear-phishing attack

Image Description

Twitter believes a targeted spear-phishing attack allowed hackers to gain entry to its internal systems on July 15, leading to the compromise of a number of high-profile accounts.

Various reports suggested a malicious insider might be responsible for the Twitter hack, but it now appears attackers hoodwinked specific employees with access to account administration tools into handing over their credentials.

In a traditional phishing attack, scammers send out a fraudulent email en masse in a bid to harvest as many login credentials as possible. In a spear-phishing attack, however, hackers adopt the identity of a person known to the target individual (e.g. a manager or friend), increasing the likelihood of success.

“The attack on July 15 targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted effort to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” reads a thread from Twitter Support.

The social media firm claims it is investigating ways of safeguarding against these kinds of attacks in future and has limited access to internal tools and systems until normal operations can be safely resumed.

Twitter hack

The Twitter hack affected 130 accounts in all, including those owned by Bill Gates, Jeff Bezos, Barack Obama and other influential figures.

The hackers tweeted from 45 of these accounts - which were used to peddle a cryptocurrency scam -  accessed the direct messages of 36 and downloaded data relating to 7.

“We are giving back to our community. We support Bitcoin and we believe you should too! All Bitcoin sent to our address below will be sent back to you doubled! Only going on for the next 30 minutes,” read a tweet posted to the Apple Twitter account, which was also hijacked.

Similar messages were published across all compromised accounts, netting the scammers upwards of $100,000 in bitcoin. The figure could have been far greater, however, had cryptocurrency exchange Coinbase not blocked a further $280,000 worth of payments to the wallet address.

Twitter, for its part, immediately locked all verified accounts (even those that were not compromised) and also limited certain feature sets in a bid to contain the incident.

“We’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams,” said Twitter.

“This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”

Date

31 Jul 2020

Sources


Share


Other Blog

  • Intel’s Rocket Lake CPUs could arrive in March to combat AMD Ryzen 5000 threat

    Intel can’t afford to fall any further behind in the desktop processor market.

    Read More
  • AMD RX 5700 series ceases production to clear room for Big Navi

    AMD has stopped manufacturing their RX 5700 series graphics cards in anticipation of the release of their RX 6000 series Big Navi cards on October 28

    Read More
  • Oracle's new converged cloud database enters general availability

    Oracle Database 21c includes new features and enhancements that further extend database use cases for developers.

    Read More
  • Best laptop sales in Australia: cheap laptops to buy in August 2020

    Snag a great bargain on laptops, ultrabooks and 2-in-1 hybrids.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us