Twitter claims a phishing attack on a small number of its employees was what enabled bitcoin scammers to hack the accounts of Kim Kardashian, Elon Musk and other high-profile users Hackers used spear phishing attack to steal personal information of Twitter staff This gave access to the internal account management tools of high-profile users Attackers targeted 130 Twitter accounts, ultimately tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter data of 7 By Joe Pinkstone For Mailonline Published: 09:27 BST, 31 July 2020 | Updated: 09:27 BST, 31 July 2020 Twitter has revealed more details as to how some high profile accounts were hacked earlier this month.In a statement on its website, the firm revealed a ‘spear phishing’ attack was used to pilfer the personal details of unsuspecting Twitter staff and contractors.This involves hackers sending emails that appear to be from a known or trusted sender in order to trick victims into revealing confidential information.This information was then used to gain access to internal account management tools which gave hackers free rein.
The cyber attack last week saw former US president Barack Obama, Microsoft founder Bill Gates and rapper Kanye West among the high-profile accounts affected.Accounts of Elon Musk, Joe Biden, Jeff Bezos, Kim Kardashian West, Mike Bloomberg, Apple and Uber are also known to have been hit.Tweets were simultaneously posted promoting a Bitcoin scam which promised followers free money if they transferred funds to a specific digital wallet.
Scroll down for video Twitter says 130 accounts were targeted in the mass hack that occurred last week and a smaller amount had their private messages (DMs) breached as well.
Access to the accounts was garnered by hackers via spear phishing attacks (file photo) The initial attack from the hackers saw them obtain login details to some of Twitter’s tools, but not the management-level access required to breach an account.But the information garnered from the first employees was used to then go after the staff members who did have such access.‘Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7,’ Twitter said.It is thought the orchestrators of the hack made about $121,000 from 400 payments.The cyber attack last week saw former US president Barack Obama, Microsoft founder Bill Gates and rapper Kanye West among the high-profile accounts affected.Tweets were simultaneously posted promoting a Bitcoin scam which promised followers free bitcoin if they transferred funds to a specific digital wallet Twitter says hackers ‘manipulated’ employees to access 130 accounts Twitter said last week that hackers ‘manipulated’ some of its employees to access accounts.More than $100,000 worth of the virtual currency was sent to email addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions.‘We know that they accessed tools only available to our internal support teams to target 130 Twitter accounts,’ said a statement posted on Twitter’s blog.
For 45 of those accounts, the hackers were able to reset passwords, login and send tweets, it added, while the personal data of up to eight unverified users was downloaded.Twitter locked down affected accounts and removed the fraudulent tweets.
It also shut off accounts not affected by the hack as a precaution.The statement does not give any more details on exactly how the information was garnered other than it was via a spear phishing attack.
Generally, spear phishing is where criminals target an individual and use correct information about them to lull them into a false sense of security.
This fraudulent practice gains the trust if the individual and tricks them into handing over emails and sometimes passwords.This information is extremely valuable to hackers as it can be used to try and access other accounts the individual may have access to.In this case that was the internal tools at Twitter, but the technique is often used to obtain banking details.Twitter adds that it has tightened restrictions on who can access the internal account management tools.‘As a result, some features (namely, accessing the Your Twitter Data download feature) and processes have been impacted,’ it says.‘We will be slower to respond to account support needs, reported Tweets, and applications to our developer platform,’ said Twitter.‘We’re sorry for any delays this causes, but we believe it’s a necessary precaution as we make durable changes to our processes and tooling as a result of this incident.
‘We will gradually resume our normal response times when we’re confident it’s safe to do so.’ Share or comment on this article:.