Twitter provided an update on the unprecedented July 15th attack that enabled hackers to tweet from a number of the most high-profile accounts on the service, in a blog post and a series of tweets published Thursday evening. Twitter now says a few employees were targeted in a phone phishing attack. While Twitter doesn’t say so explicitly, that means hackers called up Twitter employees while posing as coworkers or members of Twitter’s own security team, and got them to disclose the credentials they use to access internal systems.
Twitter had previously said its tools were compromised in the attack, but until now, the company hadn’t explained how that had occurred. “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter stated in a tweet from its support account.
By acquiring employee credentials, they could target certain workers who had access to our accounts service tools. Then they targeted 130 Twitter accounts – Tweeting from 45, obtaining the DM inbox of 36, and downloading the Twitter Data of 7.
— Twitter Support (@TwitterSupport) July 31, 2020
Twitter also revealed the attackers targeted 130 accounts, tweeted from 45, and accessed the direct messages of 36, but lowered the number of accounts that had their Twitter data downloaded (which would have also included direct messages) from “up to 8” to 7.
Twitter limited features and locked accounts for some users in the immediate aftermath of the attack. While many features have come back, “some features (namely, accessing the Your Twitter Data download feature) and processes have been impacted,” Twitter said in its blog post. The company also said it has “significantly limited” access to its internal tools for the moment and is “improving our methods for detecting and preventing inappropriate access to our internal systems.”
We’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.
— Twitter Support (@TwitterSupport) July 31, 2020
During the attack, hackers tweeted a bitcoin scam from the Twitter accounts of President Barack Obama, Democratic presidential candidate Joe Biden, Tesla and SpaceX CEO Elon Musk, Microsoft co-founder Bill Gates, and more. The FBI has launched an investigation into the attack.