Twitter says hack targeted employees using 'spear phishing'

Twitter said bitcoin scammers who accessed dozens of high-profile accounts used "spear phishing" to trick a handful of employees into giving up their credentials to access the system

SAN FRANCISCO - The hackers who accessed dozens of high-profile Twitter accounts in mid-July gained access to the system with an attack that tricked a handful of employees into giving up their credentials, according to a company update.

Twitter said in a security update late Thursday that the July 15 incident by bitcoin scammers stemmed from a "spear phishing" attack which deceived employees about the origin of the messages.

The hackers "targeted a small number of employees through a phone spear phishing attack," according to a Twitter Support statement.

"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems."

Twitter said that following the incident it has "significantly limited access to our internal tools and systems" and is taking additional steps to tighten security.

The massive hack of high-profile users from Elon Musk to Joe Biden affected at least 130 accounts as part of an effort to dupe people into sending hackers the virtual currency bitcoin.

The official accounts of Apple, Uber, Kanye West, Bill Gates, Barack Obama and others were also affected.

Faked tweets were sent from 45 accounts, according to Twitter, and the hackers accessed private messages of 36 and downloaded Twitter data from seven.

Law enforcement is also investigating the incident, which has raised concerns about the security of the platform increasingly used for conversations on politics and public affairs.

John Dickson of the security firm Denim Group said the latest disclosure does not necessarily suggest a sophisticated attack from a nation-state.

"They conned people over the phone," Dickson said, adding that it may have been possible to find targets through research on LinkedIn or Google.

"This is like the original hackers from the 1980s and 1990s; they were very good at conning people and getting them to give their credentials."

Dickson said the origin of the hack is still not clear but added that "I would not assume" it came from a state-backed operation.
