Twitter believes a targeted spear-phishing attack allowed hackers to gain entry to its internal systems on July 15, leading to the compromise of a number of high-profile accounts.
Various reports suggested a malicious insider might be responsible for the Twitter hack, but it now appears attackers hoodwinked specific employees with access to account administration tools into handing over their credentials.
In a traditional phishing attack, scammers send out a fraudulent email en masse in a bid to harvest as many login credentials as possible. In a spear-phishing attack, however, hackers adopt the identity of a person known to the target individual (e.g. a manager or friend), increasing the likelihood of success.
“The attack on July 15 targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted effort to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” reads a thread from Twitter Support.
The social media firm claims it is investigating ways of safeguarding against these kinds of attacks in future and has limited access to internal tools and systems until normal operations can be safely resumed.
Twitter hack
The Twitter hack affected 130 accounts in all, including those owned by Bill Gates, Jeff Bezos, Barack Obama and other influential figures.
The hackers tweeted from 45 of these accounts – which were used to peddle a cryptocurrency scam – accessed the direct messages of 36 and downloaded data relating to 7.
“We are giving back to our community. We support Bitcoin and we believe you should too! All Bitcoin sent to our address below will be sent back to you doubled! Only going on for the next 30 minutes,” read a tweet posted to the Apple Twitter account, which was also hijacked.
Similar messages were published across all compromised accounts, netting the scammers upwards of $100,000 in bitcoin. The figure could have been far greater, however, had cryptocurrency exchange Coinbase not blocked a further $280,000 worth of payments to the wallet address.
Twitter, for its part, immediately locked all verified accounts (even those that were not compromised) and also limited certain feature sets in a bid to contain the incident.
“We’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams,” said Twitter.
“This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”