A recent report from Reuters alleges that over 1,000 Twitter employees and contractors had access to internal tools that were used to hack 130 high-profile accounts to spread a Bitcoin scam. Private information, including the direct messages of dozens of accounts, was also accessed in the hack.
Reuters reports that over 1,000 Twitter employees and contractors had access to internal tools that would allow them to alter user account information and gain control of the account entirely, according to two former employees.
Twitter and the FBI are both investigating the recent hack of the site, which saw 130 accounts affected and multiple high-profile accounts used to promote a Bitcoin scam. Hackers were reportedly able to reset the passwords of 45 of the hacked accounts.
The company said that it would be reaching out to the affected accounts, some of which include Democratic Presidential candidate Joe Biden, Former President Barack Obama, Amazon CEO Jeff Bezos, Tesla CEO Elon Musk, Microsoft founder Bill Gates, and the official accounts of ridesharing service Uber and tech giant Apple.
It has been estimated that the hackers managed to generate around $100,000 from the Bitcoin scams, which encouraged the followers of high-profile accounts to send Bitcoin to a particular address with the promise that double the amount would be sent back. Of course, no Bitcoin was ever sent back to those that sent coins to the hackers’ wallets.
Former employees familiar with Twitter security practices told Reuters that many people could have helped hackers gain access to the accounts, including some at contractor companies such as Cognizant.
Twitter declined to comment on the number of employees that could have aided hackers in the hijacking, but said that the firm was looking for a new security head, working to better secure its systems and training employees to be aware of social engineering tactics used by hackers. Cognizant did not respond to Reuters’ request for comment.
Edward Amoroso, former chief security officer at AT&T, said: “That sounds like there are too many people with access,” adding that responsibilities amongst staff should have been divided, with access rights limited depending on each employee’s role. Amoroso also suggested that more than one person be required to agree to make sensitive account changes. “In order to do cyber security right, you can’t forget the boring stuff,” he said.
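The two controls Amoroso describes, role-scoped access to an internal account tool and a two-person rule for sensitive changes, are worth seeing in working form. The following is an added example and not Twitter's code or anything reported in the article; the roles (`support_tier1`, `support_tier2`, `trust_safety`), the staff names and the account handle are all constructed for the illustration. The point it demonstrates is that a single person with the right role still cannot complete a password reset or email change alone, cannot approve their own request, and that every attempt, allowed or denied, lands in an audit log a detection team can review.

```python
"""Added example (not Twitter's code): a minimal model of role-scoped access
plus a two-person rule for sensitive account changes, with an audit trail.
All roles, staff names and account handles below are constructed."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Operations that must never be completed by a single person.
SENSITIVE_ACTIONS = {"reset_password", "change_email", "disable_2fa"}

# Role -> actions that role may request or approve (least privilege).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "support_tier1": {"view_profile"},
    "support_tier2": {"view_profile", "reset_password", "change_email"},
    "trust_safety": {"view_profile", "reset_password", "change_email", "disable_2fa"},
}


@dataclass
class ChangeRequest:
    request_id: int
    action: str
    account: str
    requester: str
    approver: Optional[str] = None
    executed: bool = False


@dataclass
class AccountTool:
    staff_roles: Dict[str, str]                 # staff member -> role
    requests: Dict[int, ChangeRequest] = field(default_factory=dict)
    audit_log: List[str] = field(default_factory=list)
    _next_id: int = 1

    def _allowed(self, staff: str, action: str) -> bool:
        role = self.staff_roles.get(staff)
        return role is not None and action in ROLE_PERMISSIONS.get(role, set())

    def perform(self, staff: str, action: str, account: str) -> str:
        """Single-person path: only non-sensitive actions complete here."""
        if not self._allowed(staff, action):
            self.audit_log.append(f"DENY {staff} {action} {account}: no permission")
            return "denied"
        if action in SENSITIVE_ACTIONS:
            self.audit_log.append(f"DENY {staff} {action} {account}: needs second approver")
            return "denied: requires approval"
        self.audit_log.append(f"OK {staff} {action} {account}")
        return "done"

    def request_change(self, staff: str, action: str, account: str) -> Optional[int]:
        """Open a pending request; it executes only when a different authorised person approves."""
        if not self._allowed(staff, action):
            self.audit_log.append(f"DENY {staff} request {action} {account}: no permission")
            return None
        req = ChangeRequest(self._next_id, action, account, staff)
        self.requests[req.request_id] = req
        self._next_id += 1
        self.audit_log.append(f"PENDING #{req.request_id} {staff} {action} {account}")
        return req.request_id

    def approve(self, approver: str, request_id: int) -> str:
        """Second-person step: the approver must differ from the requester and hold the permission."""
        req = self.requests.get(request_id)
        if req is None or req.executed:
            return "denied: no such pending request"
        if approver == req.requester:
            self.audit_log.append(f"DENY #{request_id} {approver}: self-approval")
            return "denied: self-approval"
        if not self._allowed(approver, req.action):
            self.audit_log.append(f"DENY #{request_id} {approver}: no permission")
            return "denied"
        req.approver = approver
        req.executed = True
        self.audit_log.append(
            f"EXECUTED #{request_id} {req.action} {req.account} "
            f"by {req.requester} approved by {approver}"
        )
        return "done"


def demo() -> List[str]:
    """Walk through a constructed scenario and return the resulting audit log."""
    tool = AccountTool(staff_roles={
        "alice": "support_tier1", "bob": "support_tier2",
        "carol": "support_tier2", "dave": "trust_safety",
    })
    tool.perform("alice", "reset_password", "@example_vip")   # tier1 lacks the permission
    tool.perform("bob", "reset_password", "@example_vip")     # right role, but sensitive: blocked alone
    rid = tool.request_change("bob", "reset_password", "@example_vip")
    tool.approve("bob", rid)      # self-approval rejected
    tool.approve("alice", rid)    # approver lacks the permission
    tool.approve("carol", rid)    # a second authorised person: executes
    return tool.audit_log


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The denied entries are as important as the executed one: a burst of "needs second approver" or "self-approval" denials against high-profile accounts is exactly the kind of signal a security operations team would want alerted on.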
Ron Gula, a cybersecurity investor who co-founded network security company Tenable, commented on the hack stating: “The question really is: Does Twitter do enough to prevent account takeovers for our presidential candidates and news outlets when faced with sophisticated threats that leverage whole-of-nation approaches?”
Twitter CEO Jack Dorsey said in a company earnings call earlier this week: “We fell behind, both in our protections against social engineering of our employees and restrictions on our internal tools.”
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address firstname.lastname@example.org