Celebrity Twitter hack caused by ‘phone spear phishing attack’

31 Jul 2020

In an update on the recent hacking incident, Twitter said that attackers gained access to internal networks as well as specific employee credentials.

Earlier this month, Twitter experienced a major hack targeting high-profile accounts such as Elon Musk, Bill Gates, Jeff Bezos, Mike Bloomberg and Kanye West.

The breach saw hackers collect $116,000 worth of bitcoin in a coordinated scam. The perpetrators used verified Twitter accounts to falsely claim that they would send $2,000 to other Twitter users in exchange for $1,000 of bitcoin.

In the weeks since, Twitter has been investigating how the attack occurred and how similar attacks can be prevented in the future. Yesterday (30 July), it published an update on the incident, saying that it was the result of a phone spear phishing attack targeting employees.

The company said that the attack relied on a “significant and concerted attempt to mislead certain employees and exploit human vulnerabilities” to gain access to internal systems.

Security update

“A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools,” Twitter said.

The company added that not all of the employees who were initially targeted had permissions to use account management tools, but the attackers used their credentials to access the firm’s internal systems and gain information about Twitter’s processes.

“This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately tweeting from 45, accessing the DM inbox of 36 and downloading the Twitter data of seven.”

The company also addressed concerns about its tools and levels of employee access. Two former Twitter staff recently claimed that more than 1,000 employees at the company may have had access to tools to edit user account settings or hand access over to others. In its update, Twitter said that access to the tools that can be used to edit user settings is “strictly limited” and is only granted for valid business reasons.

“We have zero tolerance for misuse of credentials or tools, actively monitor for misuse, regularly audit permissions, and take immediate action if anyone accesses account information without a valid business reason,” the company said.

“This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”

The company went on to outline the measures it has taken to protect its service since the attack, and said it would publish a more technical report on what occurred at a later date. The security update can be read here.

Kelly Earley was a journalist with Silicon Republic