Twitter officials continue to post new findings from an investigation into a massive attack earlier this month. Let me remind you that at that time the accounts of many public figures and large companies were compromised, including Bill Gates, Elon Musk, Jeff Bezos, Apple and Uber, CoinDesk, Binance and Gemini, and so on.
The cybercriminals took advantage of their access to the top accounts by arranging a fake bitcoin giveaway. The scammers followed the classic scam scheme: on behalf of famous people and large companies, they asked people to send them a small amount of cryptocurrency, promising to double and return any amount received. Thus, the scammers "earned" about 13 BTC, or about $120,000.
The company previously reported that the attack affected a relatively small number of accounts. The hack only affected 130 accounts, and 45 of them were successfully reset and compromised: the attackers posted fraudulent messages on behalf of these accounts.
For another 7 accounts, the attackers downloaded all available account content using the Your Twitter Data function. Interestingly, none of these 7 accounts were verified (they had no blue checkmark). The attackers also separately viewed the private messages of the owners of 36 compromised accounts. Moreover, one of these accounts belonged to an unnamed Dutch politician.
Yesterday, July 30, 2020, Twitter representatives unveiled new details identified during the investigation. It is reported that the recent attack on the social network was the result of the compromise of several company employees at once.
It turned out that on July 15, 2020, scammers staged a phishing attack over the phone and used social engineering. When the credentials stolen from one of the employees did not give the hackers access to Twitter's internal tools, the attackers targeted other employees in the company who had the rights and access needed to use the tools for managing user accounts.
“Not all of the attacked employees were authorized to use the account management tools, but the attackers used their credentials to access our internal systems and obtain information about our processes. This information allowed them to attack other employees who had access to our support tools,” the company representatives write.
After the attack and during the investigation, Twitter severely restricted its employees' access to internal tools and systems, the company said. These restrictions primarily apply to the Your Twitter Data feature, which allows users to download all of their data from Twitter, but the restrictions also apply to other services.
“We will be slower to respond to account support requests, Twitter complaints, and apps on our developer platform. We regret any delays that arise, but we believe this is a necessary precaution as we are making long-term changes to our processes and tools following the incident. We will gradually return to normal response times, but only when we are sure that it is safe,” the developers promise.