Twitter said Thursday night that the hackers behind this month’s epic hack targeted a small number of employees through a “phone spear phishing attack.” When the credentials of the phished employees did not provide access to account support tools, the hackers targeted additional workers who did have the necessary permissions to use those tools.
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter officials wrote in a post. “It was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”
Thursday’s update also revealed that the hackers downloaded personal data from seven of the accounts, but it did not say which ones.
The post was the latest update on the July 15 hack, which hijacked accounts belonging to some of the world’s most famous celebrities, politicians and executives and used them to tweet links to Bitcoin scams. A small sample of the affected account holders included former Vice President Joe Biden, philanthropist, Microsoft co-founder and former Microsoft CEO and chairman Bill Gates, Tesla founder Elon Musk, and pop star Kanye West.
It took Twitter hours to return control of the accounts to their rightful owners. In some cases, the hackers regained control of accounts even after they had been recovered, resulting in a tug-of-war between the intruders and company employees.
Hours after the breach came to light, Twitter said the incident was the result of losing control of its internal administrative systems to hackers who paid, tricked or coerced one or more company employees. Company officials have provided regular updates since then. The latest came last week, when Twitter said the hackers had used their access to read private messages from 36 hijacked accounts and that phone numbers and other private information for the 130 affected accounts had been visible to them.
Employee access restricted
Critics said the incident showed that Twitter did not have proper controls in place to prevent sensitive user information from falling into the hands of company insiders or the people who targeted them. Twitter has vowed to investigate how outsiders gained access to sensitive internal systems and to take steps to prevent similar attacks in the future.
Thursday’s update provided more detail on how the attackers worked their way into the internal systems and account tools. It said:
A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
The update said that since the attack, the company has “significantly” limited employee access to internal tools and systems while the investigation continues. The restrictions mainly affect the feature that lets users download their Twitter data, but other services will also be temporarily restricted.
“We will be slower to respond to account support needs, reported Tweets, and applications to our developer platform,” the update said. “We’re sorry for any delays this causes, but we believe it’s a necessary precaution as we make durable changes to our processes and tools as a result of this incident. We will gradually resume our normal response times when we’re confident it’s safe to do so. Thank you for your patience as we work through this.”
Thursday night’s post also said the company is accelerating unspecified “pre-existing security workstreams and improvements to our tools” and prioritizing security work across various teams. Twitter is also improving its ability to detect and prevent “inappropriate” access to internal systems.
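The attack chain Twitter describes (phished employee credentials, reconnaissance of internal processes, then a burst of privileged actions against high-profile accounts from a support tool) is the kind of activity an audit log of that tool should surface. The following is an added example, not Twitter’s code and not based on anything Twitter has published about its tooling: it runs three simple detections over a constructed audit log whose schema, field names, thresholds, corporate address ranges and sample entries are all assumptions made for illustration. The rules are a privileged action with no linked support ticket, tool access from outside the assumed corporate network, and a burst of privileged actions across several distinct accounts by one operator within a short window.

```python
"""Flag anomalous use of an internal account-support tool (illustrative only).

Added example: the audit-log schema, thresholds, network ranges and sample
entries below are assumptions, not Twitter's actual tooling or data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed schema: one dict per support-tool action. "ticket" is the support
# ticket that justified the action (None when none was linked).
SAMPLE_LOG = [  # constructed sample data, not a real log
    {"ts": "2020-07-15T20:01:00", "operator": "alice", "action": "view",
     "target": "user_a", "src_ip": "10.20.0.5", "ticket": "T-1001"},
    {"ts": "2020-07-15T20:05:00", "operator": "alice", "action": "change_email",
     "target": "user_a", "src_ip": "10.20.0.5", "ticket": "T-1001"},
    {"ts": "2020-07-15T20:10:00", "operator": "bob", "action": "download_data",
     "target": "vip_1", "src_ip": "203.0.113.7", "ticket": None},
    {"ts": "2020-07-15T20:12:00", "operator": "bob", "action": "download_data",
     "target": "vip_2", "src_ip": "203.0.113.7", "ticket": None},
    {"ts": "2020-07-15T20:15:00", "operator": "bob", "action": "change_email",
     "target": "vip_3", "src_ip": "203.0.113.7", "ticket": None},
    {"ts": "2020-07-15T20:18:00", "operator": "bob", "action": "disable_2fa",
     "target": "vip_4", "src_ip": "203.0.113.7", "ticket": None},
    {"ts": "2020-07-15T20:40:00", "operator": "carol", "action": "view",
     "target": "user_c", "src_ip": "10.20.1.9", "ticket": "T-1002"},
]

# Actions that change account control or export data (assumed list).
HIGH_RISK = {"change_email", "disable_2fa", "download_data"}
# Assumed office/VPN address space, matched by prefix.
CORP_NETWORKS = ("10.20.",)
# More than this many distinct accounts hit with high-risk actions
# inside WINDOW by one operator is treated as a burst (assumed threshold).
MAX_HIGH_RISK_TARGETS = 3
WINDOW = timedelta(minutes=30)


def parse(entry):
    """Return a copy of the entry with its timestamp parsed."""
    parsed = dict(entry)
    parsed["ts"] = datetime.fromisoformat(entry["ts"])
    return parsed


def detect(log):
    """Return a list of (rule, operator, detail) alerts for the given log."""
    events = sorted((parse(e) for e in log), key=lambda e: e["ts"])
    alerts = []
    recent = defaultdict(list)   # operator -> [(ts, target)] of high-risk actions
    burst_alerted = set()        # operators already reported for a burst
    for e in events:
        # Rule 1: privileged action with no support ticket behind it.
        if e["action"] in HIGH_RISK and not e.get("ticket"):
            alerts.append(("no_ticket", e["operator"], e["target"]))
        # Rule 2: the tool was reached from outside the corporate network.
        if not e["src_ip"].startswith(CORP_NETWORKS):
            alerts.append(("external_source", e["operator"], e["src_ip"]))
        # Rule 3: burst of high-risk actions over many distinct accounts.
        if e["action"] in HIGH_RISK:
            history = recent[e["operator"]]
            history.append((e["ts"], e["target"]))
            # Drop anything older than the sliding window.
            history[:] = [(t, a) for t, a in history if e["ts"] - t <= WINDOW]
            targets = {a for _, a in history}
            if len(targets) > MAX_HIGH_RISK_TARGETS and e["operator"] not in burst_alerted:
                burst_alerted.add(e["operator"])
                alerts.append(("burst", e["operator"], len(targets)))
    return alerts


def flagged_operators(alerts):
    """Operators whose tool sessions should be cut off pending review."""
    return {operator for _, operator, _ in alerts}


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
    print("flagged:", sorted(flagged_operators(detect(SAMPLE_LOG))))
```

In the constructed log, alice's ticketed change from the corporate range raises nothing, while bob's session produces an external-source alert and a no-ticket alert per action and a single burst alert once the fourth distinct account is touched; the response in a real deployment would be to invalidate that operator's session and require a second approver for the privileged actions, which is the kind of access restriction the update describes.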