After the infamous Twitter hack in mid-July, the social media giant has published a new update on its investigation, stating that the perpetrators successfully targeted a small number of employees through a phone spear-phishing attack.
Phishing Attack Caused The Twitter Hack
Following the blatant attack on its network, Twitter has been quite transparent in its investigations, at least according to the regular updates the company shares. In the latest one, the social media platform reiterated that the law enforcement investigation continues and said that it has managed to discover the source of the initial vulnerability.
“The social engineering that occurred on July 15th, 2020, targeted a small number of employees through a phone spear-phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools.” – reads the update.
While not all targeted employees had permissions to use account management tools, the perpetrators exploited their credentials to access internal systems and gain valuable information about Twitter’s processes and operations. With this data, the attackers then focused on employees who had access to the account support tools.
Ultimately, by using those credentials, the hackers attacked 130 Twitter accounts, tweeted from 45, accessed the DM inbox of 36, and downloaded data from 7.
The recent update also asserted that Twitter has contacted each impacted account owner directly and “worked to restore access to any accounts who may have been temporarily locked out during our remediation efforts.” The company has also limited access to its internal tools and systems to ensure enhanced security until the completion of the investigation.
Twitter Hack: The Short History
As CryptoPotato reported on July 15th, lots of cryptocurrency-related accounts of popular individuals and companies got hacked. As a result, the same message appeared on each, mentioning a suspicious partnership and an offer to give back 5,000 BTC to the community.
Minutes later, the attack reached the accounts of Bill Gates, Barack Obama, Joe Biden, Kanye West, Elon Musk, Jeff Bezos, Apple, Uber, and more. The message was slightly different, but the end idea was the same – “to give back 5,000 BTC.” All people had to do to get some of that massive amount was to send funds in bitcoins to a specific address and wait to receive double that amount.
Needless to say, it was an apparent fake Bitcoin giveaway scam. However, lots of people fell for it, as some reports indicate that over $120,000 in BTC was sent to those fraudulent addresses.