Twitter Says ‘Phone Spear Phishing’ Let Hackers Gain Employee Credentials

Twitter Says ‘Phone Spear Phishing’ Let Hackers Gain Employee Credentials

https://unsplash.com/photos/cJDwJ4X2IrQ

(Sara Kurfeß/Unsplash)

Twitter revealed that a number of employees fell victim to a “phone spear phishing attack” in a new update on how its systems were compromised in the social media giant’s largest hack to date on July 15, according to a blog post shared Thursday.

  • A spear-phishing attack is a targeted attempt to steal information such as account details or financial information from a particular individual, in this case, Twitter employees via their phones.
  • The success of the hack hinged on two key factors – that the hacker(s) gained access to Twitter’s internal network and that they obtained the credentials from specific Twitter employees.
  • The credentials of the employees provided “god mode” access to Twitter’s internal support tools, blockchain startup Make Sense Labs’ CTO Ben Sigman previously told CoinDesk.
  • According to Twitter, not all employees that had been targets of the phishing attack had the necessary permissions to use account management tools.
  • The hackers instead gained access to Twitter’s internal systems and discovered further information relating to the social media giant’s processes allowing the hackers to target employees who did have that access to support management tools. The New York Times previously reported that the hackers found additional credentials in the company’s Slack server.
  • The hacker(s) targeted 130 Twitter accounts tweeting bitcoin giveaway scams and accessing the DM inbox from 36 accounts including CoinDesk’s.
  • Twitter said the attack relied on a “significant and concerted effort” to mislead particular employees and “exploit human vulnerabilities” in order to gain access to its platform.
  • Since the hack, Twitter said it has “significantly” limited access to its internal support management tools to “ensure ongoing account security” while it finalizes its investigation.
  • For the time being, features such as its “Your Twitter Data” and processes have been impacted by the limitation of its tools.
  • A detailed technical report on the hack is expected to be released at a later date as it awaits ongoing law enforcement investigations and further work to safeguard its platform.
  • Bitcoin
  • Ethereum
  • Litecoin
  • Zcash
Scan to Donate Bitcoin to bc1qcc3xajxvdqjnx2f7j7sfcfun7jagr0nh94fa2e

Donate Bitcoin to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0x704671D7591d05Dd0790E86Aee964558E9347b07

Donate Ethereum to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Litecoin to ltc1q7tj9ydra9ylkelu42vypp6cu2v0msf5lc2p5mq

Donate Litecoin to this address

Scan the QR code or copy the address below into your wallet to send some Litecoin

Scan to Donate Zcash to t1LiPaQ7gsSL23FbjXswpSoguP6yAE1xj5B

Donate Zcash to this address

Scan the QR code or copy the address below into your wallet to send some Zcash

 86 Interactions,  2 today

Crypto & Finance News