Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Massive Twitter hack was caused by spear-phishing attack

Image Description

Twitter believes a targeted spear-phishing attack allowed hackers to gain entry to its internal systems on July 15, leading to the compromise of a number of high-profile accounts.

Various reports suggested a malicious insider might be responsible for the Twitter hack, but it now appears attackers hoodwinked specific employees with access to account administration tools into handing over their credentials.

In a traditional phishing attack, scammers send out a fraudulent email en masse in a bid to harvest as many login credentials as possible. In a spear-phishing attack, however, hackers adopt the identity of a person known to the target individual (e.g. a manager or friend), increasing the likelihood of success.

“The attack on July 15 targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted effort to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” reads a thread from Twitter Support.

The social media firm claims it is investigating ways of safeguarding against these kinds of attacks in future and has limited access to internal tools and systems until normal operations can be safely resumed.

Twitter hack

The Twitter hack affected 130 accounts in all, including those owned by Bill Gates, Jeff Bezos, Barack Obama and other influential figures.

The hackers tweeted from 45 of these accounts - which were used to peddle a cryptocurrency scam -  accessed the direct messages of 36 and downloaded data relating to 7.

“We are giving back to our community. We support Bitcoin and we believe you should too! All Bitcoin sent to our address below will be sent back to you doubled! Only going on for the next 30 minutes,” read a tweet posted to the Apple Twitter account, which was also hijacked.

Similar messages were published across all compromised accounts, netting the scammers upwards of $100,000 in bitcoin. The figure could have been far greater, however, had cryptocurrency exchange Coinbase not blocked a further $280,000 worth of payments to the wallet address.

Twitter, for its part, immediately locked all verified accounts (even those that were not compromised) and also limited certain feature sets in a bid to contain the incident.

“We’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams,” said Twitter.

“This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”

Date

31 Jul 2020

Sources


Share


Other Blog

  • Labor Day laptop sales 2021: deals now live on Apple, Dell, HP, and more

    The Labor Day laptop sales 2021 are in full swing - here are our top picks for today's deals.

    Read More
  • Microsoft is forcing people to use its Windows 10 antivirus software

    Don’t want to use Microsoft Defender? You’re out of luck.

    Read More
  • We tracked down the largest USB flash drive in the world and got a nasty surprise

    This 2TB USB memory stick from Kingston costs more than a MacBook Air.

    Read More
  • Android devices now offer a blockchain-powered, decentralized search engine

    Android users in Europe will now be able to replace Google Search with another option as their default search engine.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us