Twitter Security Incident: On Wednesday, July 15, Twitter experienced a major security breach. This breach allowed hackers to spread a bitcoin scam from accounts of some of the site’s most high-profile users. Accounts of verified users like Obama, Musk, Biden, and Apple were a part of this widespread breach.
On July 15, a tweeted message was sent out from various accounts, offering $2000 for every $1000 sent to a Bitcoin address. According to reports, within a span of a few minutes, this scam allowed its creators to earn more than $100,000. This attack is considered one of the biggest cyber attacks in history.
Soon after the incident, Twitter took the step of suspending all tweets and password reset attempts on verified accounts for a while.
Initial investigations by Twitter led to the conclusion that the hack looked like a result of a social engineering attack. Social engineering means the psychological manipulation of people to make them divulge confidential information.
Addressing the attack, Twitter also mentioned that, according to its findings, the attackers manipulated a few employees to access Twitter’s internal systems. They also mentioned that around 130 accounts were targeted. On 45 of those accounts, the attackers could reset the password, log in, and send Tweets.
According to Twitter, the incident response team revoked access to internal systems to prevent further access. The team also mentioned that the investigation is ongoing in tandem with law enforcement.
Updates as of 30th July:
Twitter, on July 30, released an update on the incident. According to these updates, Twitter confirmed that the attackers were not able to view previous passwords. The attackers were able to view personal information like email addresses and phone numbers.
An ongoing investigation led to more information about the attack. According to Twitter, the attackers, through social engineering, used the credentials of a few employees to gain information about internal systems and processes. This knowledge enabled the attackers to target additional employees.
According to updates, apart from 130 accounts being targeted, 45 were used for Tweeting, 36 accounts had their DM inbox accessed, and the Twitter data of 7 accounts was downloaded. The DM inbox of 1 elected official of the Netherlands is also among the 36 accounts that were accessed.
The company also addressed the concern that has been expressed regarding its tools and levels of employee access. To these concerns, Twitter replied that, though these tools, controls, and processes are being upgraded and improved, they are taking a “hard look” at how these processes can be made more sophisticated.
Twitter also emphasized how this attack relied on a concerted attempt to mislead employees and exploit human vulnerabilities. In their update, they also mentioned that they have communicated directly with impacted account owners.
Update on Protection of Service:
Twitter, in its latest update, also mentioned that the company has limited access to internal tools to ensure security. This might lead to certain features, like Your Twitter Data, being impacted. It might also lead to a slower response to account support, reported Tweets, etc.
Twitter has also mentioned that various improvements to tools and security work streams will be accelerated. The company also mentioned improved methods of detecting and preventing unwanted access to internal systems. The team will also continue organizing company-wide phishing exercises.
Twitter will continue to post updates and precautionary steps as and when they are taken.
Originally posted 2020-08-05 17:53:46.