Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Massive Twitter hack was caused by spear-phishing attack

Image Description

Twitter believes a targeted spear-phishing attack allowed hackers to gain entry to its internal systems on July 15, leading to the compromise of a number of high-profile accounts.

Various reports suggested a malicious insider might be responsible for the Twitter hack, but it now appears attackers hoodwinked specific employees with access to account administration tools into handing over their credentials.

In a traditional phishing attack, scammers send out a fraudulent email en masse in a bid to harvest as many login credentials as possible. In a spear-phishing attack, however, hackers adopt the identity of a person known to the target individual (e.g. a manager or friend), increasing the likelihood of success.

“The attack on July 15 targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted effort to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” reads a thread from Twitter Support.

The social media firm claims it is investigating ways of safeguarding against these kinds of attacks in future and has limited access to internal tools and systems until normal operations can be safely resumed.

Twitter hack

The Twitter hack affected 130 accounts in all, including those owned by Bill Gates, Jeff Bezos, Barack Obama and other influential figures.

The hackers tweeted from 45 of these accounts - which were used to peddle a cryptocurrency scam -  accessed the direct messages of 36 and downloaded data relating to 7.

“We are giving back to our community. We support Bitcoin and we believe you should too! All Bitcoin sent to our address below will be sent back to you doubled! Only going on for the next 30 minutes,” read a tweet posted to the Apple Twitter account, which was also hijacked.

Similar messages were published across all compromised accounts, netting the scammers upwards of $100,000 in bitcoin. The figure could have been far greater, however, had cryptocurrency exchange Coinbase not blocked a further $280,000 worth of payments to the wallet address.

Twitter, for its part, immediately locked all verified accounts (even those that were not compromised) and also limited certain feature sets in a bid to contain the incident.

“We’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams,” said Twitter.

“This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”

Date

31 Jul 2020

Sources


Share


Other Blog

  • Windows 11 blocks testers from using classic Windows 10 Start menu

    A workaround to revert to the traditional Start menu has been removed from the latest preview of Windows 11.

    Read More
  • HP launches Pavilion 27 and AIO 24 All-In-One PCs in India

    HP has expanded its All-in-One computer portfolio in India with the launch of the Pavilion 27 and the AIO 24.

    Read More
  • Microsoft Edge is finally getting the Office 365 integration we've all been waiting for

    Microsoft's new Office Viewer toggle for Edge lets you view Office files without having to download them first.

    Read More
  • The cheapest Chromecast prices and deals for February 2021

    We check Chromecast prices from thousands of retailers every day so you always get the cheapest deals.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us