Twitter hack was more than just a bitcoin scam. Ongoing investigations by the company reveal hackers were able to access inboxes of 36 high-profile Twitter users, including a Dutch politician.
In the aftermath of the Twitter hack, wherein 130 accounts of notable Twitter users, including Elon Musk, Jeff Bezos, Joe Biden were compromised, details have surfaced about the modus operandi of the attack, engineered via internal employee tools.
Twitter, in an update, admitsOpens a new window that attackers “successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.â€
The hackers accessed tools available to internal support teams to target 130 Twitter accounts. The full scale of the crisis was revealed when the attackers were able to initiate a password reset, login to the account, and send Tweets from 45 of those accounts. For upto 36 accounts, the attackers were able to access the DMs and read private messages and one of the accounts belonged to Geert Wilders, a Dutch elected official.
Twitter added: For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter DataOpens a new window †tool. The social media firm has reached out to the account owners.
While the scammers made off with a decent bitcoin, Twitter swung into action, taking “preemptive measures to restrict functionality for many accounts on Twitter, including things like preventing them from Tweeting or changing passwords.â€
Tech News: What Twitter’s Large-Scale Crypto Scam Means for EnterprisesOpens a new window
Noted author Don Winslow in his recent tweetOpens a new window expressed security concerns on a larger scale.
If “they†can hack the Twitter account of a former President of the United States – @BarackObamaOpens a new window – how hard do you think it’s going to be to hack electronic voting machines in Michigan, Wisconsin, North Carolina, Georgia, Florida?
— Don Winslow (@donwinslow) July 18, 2020Opens a new window
Meanwhile, former FBI agent and author of Russians and Fake News offered a different take Opens a new window on the situation:
Believe this was everyone’s big worry on Wednesday. Still only a theory, but – Hack of Twitter might be a diversion to mask other activities of greater consequence.
— Clint Watts (@selectedwisdom) July 18, 2020Opens a new window
Amid the chaos, the tech firm added that it wouldn’t share any technical details with the public to maintain the effectiveness of remediation efforts and “will provide more technical details, where possible, in the future.â€Opens a new window
Twitter claims that the attackers did not view any passwords as they are not stored in plain text, but for the accounts that were compromised, the investigation is ongoing.
As per news reports, both the FBI and the New York State have opened investigations into the July 15th hack, which has also raised several questions related to the security of its systems. The social tech giant confirmed it is working with law enforcement and is rolling out additional company-wide training to guard against social engineering tactics.
In the high-risk environment, people have become the new focal point for bad actors — the weakest link in the enterprise cybersecurity strategy. Security teams need to monitor when and how a trusted account is being leveraged for malicious activities and stop the threats at the earliest. This means laying the groundwork for supplemental training against phishing attacks and re-factoring the behavioral understanding of the mobile, remote workforce. Meanwhile, Twitter also faces another uphill battle — winning the trust of users.
Let us know if you liked this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!