Skip to main content

Twitter offers more details on how hackers cracked its internal systems

Twitter has shared another update on its investigation into the major hack that targeted numerous high-profile accounts on its platform on July 15.

In a blog post and series of tweets, the company said the perpetrators began by targeting a small number of employees through a phone spear phishing attack. This involves a hacker calling a target and pretending to be a trusted person to extract specific information that ultimately enables them to gain entry to an internal computer system.

“A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools,” Twitter said in its blog post. “Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes.”

It said that this knowledge “then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.”

Targeted accounts included those of prominent political figures such as former President Barack Obama and former Vice President Joe Biden, as well as the likes of Tesla and SpaceX CEO Elon Musk, Microsoft co-founder Bill Gates, and celebrity Kanye West.

The company said that although its internal tools, controls, and processes are constantly being updated and improved, it’s now “taking a hard look” at how it can make them more secure.

Mindful of the concern the attack has caused among the Twitter community, the company insisted, “Everyone at Twitter is committed to keeping your information safe. We recognize the trust you place in us, and are committing to earning it by continued open, honest and timely updates anytime an incident like this happens.”

The scam involved a fake tweet that appeared on the targeted accounts that encouraged followers to send payments to a Bitcoin wallet, with hundreds of people doing just that. When Twitter spotted the attack, it locked down the affected accounts and removed the bogus tweets.

Last week the incident took a darker turn when it emerged that the hackers had been able to download data linked to some of the accounts, and also managed to obtain access to the direct messages of others.

Twitter has promised to provide a more detailed report on the incident once law enforcement has made more progress with its investigation and after the company has completed work to further safeguard the microblogging service.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Twitter attempts to sort out verification system with new badges
A lot of white Twitter logos against a blue background.

After weeks of chaos that marked Elon Musk’s first month in charge of Twitter, the man himself said the platform’s suspended verification system will relaunch on December 2. And it’ll be markedly different than before.

Musk said in a tweet (below) that starting on Friday, companies will begin receiving a gold check mark, while government accounts will receive a gray one. Meanwhile, individuals who pay for Twitter Blue, whether or not they’re a prominent figure, will receive the traditional blue mark.

Read more
Twitter’s SMS two-factor authentication is having issues. Here’s how to switch methods
A person's hands holding a smartphone as they browse Twitter on it.

It might be a good idea to review and change your two-factor authentication options for Twitter. Elon Musk's Twitter has another issue for its users to worry about.

Twitter has reportedly been having issues with its SMS two-factor authentication feature (2FA). According to Wired, beginning as early as this past weekend, some Twitter users have reported difficulties logging in to their Twitter accounts due to the app's SMS 2FA feature not working properly. Essentially, the feature relies on the app sending users an authentication code via text message, which they can then enter as a second step in the login process.

Read more
Twitter to start layoffs on Friday, internal email reveals
A stylized composite of the Twitter logo.

Following days of speculation after Elon Musk’s recent takeover of Twitter in a $44 billion deal, the company is expected to make significant job cuts on Friday.

In a widely reported internal email sent to Twitter employees on Thursday, the company said:

Read more