Twitter has finally released information on the hack it suffered earlier in July, in which high-profile accounts were breached and hijacked to post cryptocurrency scams.
Victims of the attack, which was perpetrated by hackers with access to Twitter’s internal account management support tools, included Amazon’s Jeff Bezos, Elon Musk, Bill Gates, Joe Biden, Barack Obama, and Kanye West.
Twitter’s latest update on the incident includes further information about how hackers were able to breach its security, and rejects the notion that an employee deliberately assisted, stating:
The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools.
The Twitter employee or contractor, thinking they were speaking to a legitimate support person authorized to have access to information, is likely to have revealed more details on the phone than they would via email or a conventional phishing website, providing access to the information
It is equally possible that the conversation was initiated by a scammer calling the employee, perhaps using a VoIP phone service and caller ID spoofing to appear to be ringing from a legitimate number, and seeming confident or friendly enough to be trusted.
At OptfinITy, we take cybersecurity seriously, which is why we offer each client several check-in meetings per year to ensure they are kept up to date on new phishing scams and remain as protected as possible. If you are interested in hearing more about our services, please call (703) 790-0400 or email us at firstname.lastname@example.org.