Twitter has released an update on the extent of the Bitcoin scam that took over the profiles of more than a hundred high-profile users.
The firm had already confirmed that 130 Twitter accounts fell to the cyberattack. The hackers gained full access to 45 of those accounts, and on eight of those they managed to download the personal information and account history, using the “Your Twitter Data” tool and Direct Messages to pull it off.
For now, Twitter says in its update that it can only provide limited information on the incident.
While the investigation is ongoing, it gave these additional insights into what happened:
“The attack on July 15th, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities in order to gain access to our internal systems.”
Phone spear phishing means the caller convinces the people they are calling that they belong to an organization or department that needs their details. Callers often use the names of government agencies and IT teams to persuade their targets. The caller then pieces the gathered information together to obtain what is needed to gain access.
“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools,” said Twitter, as it provided further context in its updated blog post.
A deliberate hack
The deliberate process of gathering information bit by bit gave the hackers the means to access the accounts. Their phone calls became more persuasive as they progressed: they had more employee names, more details on how the system works, and more insight into how to sound convincing.
“By obtaining employee credentials, they were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts – Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7. While these tools, controls, and processes are constantly being updated and improved, we are taking a hard look at how we can make them even more sophisticated,” added Twitter.
The scope of the attack is almost the same as in previous updates. The only difference is the number of accounts that had their data downloaded, which is down to seven from eight in the previous report.
“We’ve significantly limited access to our internal tools and systems [and] we’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams,” said Twitter.
The New York Times reported two days after the incident that a hacker named Kirk had gained access to Twitter’s administration tools. First, he was added to Twitter’s Slack channel through phone spear phishing and gathered the details needed to access the firm’s internal tools. Kirk stopped giving interviews to the NYT when the FBI publicized its involvement.