The Twitter hack that compromised prominent users like Joe Biden and Elon Musk was the result of a targeted “phishing attack” against its employees, the company said Thursday.
The culprits underwent a “significant and concerted” effort to target specific employees with access to Twitter support tools to successfully takeover 45 accounts, from which they sent bogus tweets asking users to send bitcoins to specific addresses earlier this month.
“The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack,” Twitter wrote in an update on the hack. “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”
Considered the biggest attack in Twitter’s history, the hack was apparently carried out by four young adult gamers — including a 19-year-old who lives with his mother — as a prank devoid of any ideological motivation, the New York Times reported.
In addition to the fraudulent tweets, the hackers managed to access the DM inbox of 36 accounts and downloaded the Twitter data for seven accounts, according to Twitter.
The social media company is still grappling with how to respond. Twitter added it is still not comfortable returning to normal operations — that it has limited access to internal tools until it feels it has properly safeguarded its backend.
“While these tools, controls, and processes are constantly being updated and improved, we are taking a hard look at how we can make them even more sophisticated,” Twitter wrote.
“We’ve significantly limited access to our internal tools and systems,” the company went on. “Until we can safely resume normal operations, our response times to some support needs and reports will be slower. Thank you for your patience as we work through this.”
Twitter said it was working to improve preventing and detecting “inappropriate access” to its systems.
The FBI and the law enforcement authorities are investigating the attack with the cooperation of Twitter.
“This was a striking reminder of how important each person on our team is in protecting our service,” Twitter went on. “We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”
Credit: Source link