Twitter employees fell for phishing, enabling mass scam


New details have emerged about how the attack that rocked Twitter in mid-July worked. The company shared more findings about how the scam happened, which allowed cryptocurrency fraud to be posted on the profiles of celebrities like Elon Musk and Bill Gates.

“The July 15, 2020 attack targeted a small number of employees by a targeted phishing scam over the phone. This attack was based on a significant and orchestrated attempt to deceive certain employees and exploit human vulnerabilities to gain access to our internal systems,” says the social network.

According to the publication, the criminals obtained the credentials of a single member of the team and, from that, they were able to deceive co-workers successively – until reaching those who had access to the profile support tools. With this power, it was possible to publish fake messages on hacked profiles, download profile data and even access private messages from some of the accounts.

As a preventive measure, Twitter has limited access to these systems, which means that support on the network may be slower. All tools used by the platform are proprietary and must be modified after the incident.

What really happened?

It is not yet possible to piece together the full picture behind the attack, but the new publication brings some new information. Twitter had previously mentioned that the attack involved sophisticated social engineering and, knowing that phone phishing scams were used, a good guess is that the criminals pretended to be an employee to obtain credentials and gain access to the system’s internal tool.


More details on how the attack actually happened will be revealed only later, as the event is under investigation, including by the FBI, and not all efforts to expand protection for employees and users have been completed. The New York Times recently published an interview with the alleged hackers involved.

