High-Profile Hack Was the Result of a Phishing Attack: Twitter

Twitter said it has now “significantly limited” access to its internal tools.

Updated31 Jul 2020, 04:32 AM IST
Tech and Auto
2 min read

Following the massive Twitter hack earlier this month that hijacked the accounts of dozens of high-profile politicians, celebrities, and businesses to peddle a cryptocurrency scam, Twitter said on Thursday, 30 July, that this was the result of a spear phishing attack.

The company said it has now "significantly limited" access to its internal tools.

What is Phishing?

A phishing attack is a fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, or trick victims into opening malicious emails or links disguised as legitimate web content.

How Did This Phishing Attack Happen?

Twitter explained in a series of tweets that the attack took place on 15 July 2020, targeting a small number of employees. This “misled certain employees and exploited human vulnerabilities to gain access” to their internal systems.

"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter said in a tweet.

The hacker had reportedly obtained employee credentials, with which they targeted specific employees who had access to the Twitter account’s support tools. “They then targeted 130 Twitter accounts - Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7,” a tweet read.

How is Twitter Handling This Attack?

Twitter said they have now ‘significantly limited access’ to their internal tools and systems. “Until we can safely resume normal operations, our response times to some support needs and reports will be slower,” a tweet read. The team is also constantly updating and improving to make the tools, controls and processes more sophisticated. Twitter is accelerating several of their pre-existing security work streams and improving methods for detecting and preventing inappropriate access to its internal systems.

What Was the 15 July Incident?

The 15 July security breach incident led to one of the biggest high-profile hacks with the takeover of accounts belonging to Barack Obama, Joe Biden, Jeff Bezos and many others. Apple, Uber and other businesses were also caught up in the hack. The compromised accounts were then used to promote a bitcoin scam.

Twitter said that 130 accounts were targeted in the attack, with hackers managing to tweet from 45 accounts, access the direct message inboxes of 36 accounts and download the Twitter data from seven.

Hackers appear to have netted more than $113,500 from the scam.

Cybersecurity experts believe that this incident has vast security implications.

Liked this story? We'll send you more. Subscribe to The Quint's newsletter and get selected stories delivered to your inbox every day. Click to get started.

The Quint is available on Telegram & WhatsApp too, click to join.

Published: 31 Jul 2020, 04:25 AM IST
Stay Updated

Subscribe To Our Daily Newsletter And Get News Delivered Straight To Your Inbox.

Join over 120,000 subscribers!