Twitter has provided an update on its recent hack, which saw multiple high-profile accounts hijacked to spread a Bitcoin scam that generated over $100,000 for hackers. The company blames a “phone spear phishing attack” on employees for giving the hackers access to internal systems. Beyond spreading a Bitcoin scam, the company has confirmed, the intruders accessed the private account details, including direct messages (DMs), of some accounts.
The Independent reports that tech giant Twitter has shared an update in a blog post about the recent major hack of its platform which saw the accounts of Bill Gates, Elon Musk, Barack Obama, Joe Biden, and Jeff Bezos hijacked by hackers and used to promote a Bitcoin scam.
Twitter said that the site’s entire system was targeted in the hack. Now the company has confirmed that the hack was a “phone spear phishing attack” that targeted a small number of Twitter employees. Spear phishing is a technique in which hackers trick victims into believing that they’re someone they’re not in order to gain access to personal information; in the case of the Twitter hack, it was access to account management tools.
The hackers used credentials from Twitter employees to access Twitter’s internal systems and gain an insight into how the site operates, which then allowed them to target employees who had access to account support tools.
In its blog post, Twitter stated:
The attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
We will provide a more detailed technical report on what occurred at a later date given the ongoing law enforcement investigation and after we’ve completed work to further safeguard our service.
It was initially reported that hackers may have paid a Twitter employee for access to the account tools; Twitter now appears to be denying this. Motherboard claimed that it spoke to one of the hackers behind the incident, who stated that a Twitter employee was paid for access, which may or may not be the case.
In a previous blog post, Twitter revealed further details of the hack, stating that hackers used the “Your Twitter Data” tool to gain access to the account information of at least eight of the hacked accounts, but did not clarify which accounts were affected. The company did say that it would be reaching out to the affected accounts, some of which include Democratic presidential candidate Joe Biden, former President Barack Obama, Amazon CEO Jeff Bezos, Tesla CEO Elon Musk, Microsoft founder Bill Gates, and the official accounts of ridesharing service Uber and tech giant Apple.
Twitter stated in its blog post that the company was “embarrassed,” writing:
We’re acutely aware of our responsibilities to the people who use our service and to society more generally. We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice. We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address firstname.lastname@example.org