Twitter has just released an update on the huge hack that prompted the Great Blue Tick Silence of 2020, letting us know how many accounts were actually affected.
On July 15, hackers posted tweets from many high-profile, verified Twitter users’ accounts, falsely claiming that any bitcoin sent to a particular address would be returned doubled. The scam netted the hackers 400 payments with a total value of $121,000, a tidy sum for a handful of tweets.
Now, Twitter has revealed what it has learned about how this hack happened, saying that it “relied upon an important and concerted effort to deceive certain workers and exploit human vulnerabilities to gain access to [Twitter’s] internal systems.”
“The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack,” wrote Twitter in a blog post on Thursday. “A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools.
“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools.
“Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.”
Twitter’s blog post doesn’t list which accounts were affected, but some figures whose accounts were tweeted from include Elon Musk, Barack Obama, Joe Biden, and Bill Gates.
Twitter didn’t give much detail on how the hackers manipulated employees, but since it did note it was a phone spear phishing attack, it’s likely the hackers called or texted Twitter employees and pretended to be someone else to get them to relay information. The culprits may be young hackers who met through a network of people who steal unique usernames, according to the New York Times.
In addition to sharing information about the hack, Twitter emphasised its security measures, stating that it is examining how it can make them “even more sophisticated.” The social media company has also “significantly limited access to our internal tools and systems” during the ongoing investigation into the breach, which unfortunately slows its support response.
“As a result, some features (namely, accessing the Your Twitter Data download feature) and processes have been impacted. We will be slower to respond to account support needs, reported Tweets, and applications to our developer platform,” said Twitter.
“We’re sorry for any delays this causes, but we believe it’s a necessary precaution as we make durable changes to our processes and tooling as a result of this incident. We will gradually resume our normal response times when we’re confident it’s safe to do so.”
Twitter says it will provide more technical details of the hack at a later date “after we’ve completed work to further safeguard our service.” In the meantime, it might be a good idea to turn on two-factor authentication on your account for a bit of extra security. It may not have helped in this case, but it can’t hurt.