Twitter has shared another update on its investigation into the major hack that targeted numerous high-profile accounts on its platform on July 15.
In a blog post and series of tweets, the company said the perpetrators began by targeting a small number of employees through a phone spear phishing attack. This involves a hacker calling a target and pretending to be a trusted person to extract specific information that ultimately enables them to gain entry to an internal computer system.
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.
— Twitter Support (@TwitterSupport) July 31, 2020
“A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools,” Twitter said in its blog post. “Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes.”
It said that this knowledge “then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.”
Targeted accounts included those of prominent political figures such as former President Barack Obama and former Vice President Joe Biden, as well as the likes of Tesla and SpaceX CEO Elon Musk, Microsoft co-founder Bill Gates, and celebrity Kanye West.
The company said that although its internal tools, controls, and processes are constantly being updated and improved, it’s now “taking a hard look” at how it can make them more secure.
While these tools, controls, and processes are constantly being updated and improved, we are taking a hard look at how we can make them even more sophisticated.
— Twitter Support (@TwitterSupport) July 31, 2020
Mindful of the concern the attack has caused among the Twitter community, the company insisted, “Everyone at Twitter is committed to keeping your information safe. We recognize the trust you place in us, and are committing to earning it by continued open, honest and timely updates anytime an incident like this happens.”
The scam involved a fake tweet that appeared on the targeted accounts that encouraged followers to send payments to a Bitcoin wallet, with hundreds of people doing just that. When Twitter spotted the attack, it locked down the affected accounts and removed the bogus tweets.
Last week the incident took a darker turn when it emerged that the hackers had been able to download data linked to some of the accounts, and also managed to obtain access to the direct messages of others.
Twitter has promised to provide a more detailed report on the incident once law enforcement has made more progress with its investigation and after the company has completed work to further safeguard the microblogging service.