The attack that rocked Twitter in mid-July gained new details about how it worked. The company shared more findings about how the scam happened, allowing cryptocurrency fraud to be posted on profiles of celebrities like Elon Musk and Bill Gates.
“The July 15, 2020 attack targeted a small number of employees by a targeted phishing scam over the phone. This attack was based on a significant and orchestrated attempt to deceive certain employees and exploit human vulnerabilities to gain access to our internal systems” says the social network.
We’re sharing an update based on what we know today. We’ll provide a more detailed report on what occurred at a later date given the ongoing law enforcement investigation and after we’ve completed work to further safeguard our service. https://t.co/8mN4NYWZ3O
— Twitter Support (@TwitterSupport) July 31, 2020
According to the publication, the criminals obtained the credentials of a single member of the team and, from that, they were able to deceive co-workers successively – until reaching those who had access to the profile support tools. With this power, it was possible to publish fake messages on hacked profiles, download profile data and even access private messages from some of the accounts.
As a preventive measure, access to these systems was limited on Twitter, which means that support on the network may be slower. All tools used by the platform are proprietary and must be modified after the incident.
What really happened?
It is not yet possible to draw the whole scenario behind the attack, but the new publication brings some new information. Twitter had previously mentioned that the attack involved sophisticated social engineering and, knowing that phone phishing scams were applied, a good guess is that the criminals pretended to be such an employee to obtain credentials and gain access to the system’s internal tool.
More details on how the attack actually happened will be revealed only later, as the event is under investigation even by the FBI and not all efforts to expand protection for employees and users have been completed. The New York Times recently published an interview with the alleged hackers involved.