Twitter Says ‘Phone Spear Phishing’ Let Hackers Gain Employee Credentials
Twitter revealed that a number of employees fell victim to a âphone spear-phishing attackâ in a new update on how its systems were compromised in the social media giantâs largest hack to date on July 15, according to a blog post shared Thursday.
- A spear-phishing attack is a targeted attempt to steal information such as account details or financial information from a particular individual, in this case, Twitter employees via their phones.
- The success of the hack hinged on two key factors â that the hacker(s) gained access to Twitterâs internal network and that they obtained the credentials from specific Twitter employees.
- The credentials of the employees provided âgod modeâ access to Twitterâs internal support tools, blockchain startup Make Sense Labsâ CTO Ben Sigman previously told CoinDesk.
- According to Twitter, not all employees that had been targets of the phishing attack had the necessary permissions to use account management tools.
- The hackers instead gained access to Twitterâs internal systems and discovered further information relating to the social media giantâs processes allowing the hackers to target employees who did have that access to support management tools. The New York Times previously reported the hackers found additional credentials in the company's Slack server.
- The hacker(s) targeted 130 Twitter accounts, tweeting bitcoin giveaway scams and accessing the DM inbox from 36 accounts including CoinDesk's.
- Twitter said the attack relied on a âsignificant and concerted effortâ to mislead particular employees and âexploit human vulnerabilitiesâ in order to gain access to its platform.
- Since the hack, Twitter said it has âsignificantlyâ limited access to its internal support management tools to âensure ongoing account securityâ while it finalizes its investigation.
- For the time being, features such as its âYour Twitter Dataâ and processes have been impacted by the limitation of its tools.
- A detailed technical report on the hack is expected to be released at a later date as Twitter awaits ongoing law enforcement investigations and further work to safeguard its platform.
- Officials Arrest 3 Allegedly Behind Twitter Hack
- Ripple Paid MoneyGram $15.1M in âMarket Development Feesâ in Q2
- Coinbase Considering 19 Additional Cryptos for Exchange Listing
- Bank of Japan Puts Top Economist in Charge of Digital Yen Initiative
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.