Earlier this month, the Twitter accounts of high-profile celebrities, businessmen and politicians were hacked to peddle a cryptocurrency scam. Twitter's investigation has now revealed that the massive hack was the result of a spear-phishing attack. The company added that it has “significantly limited” access to its internal tools.
The microblogging platform explained that the hackers had access to one of the employees’ credentials and used it to target others as well, in order to gain access to its internal support tools. Twitter also highlighted that not all the employees who were initially targeted had permissions to use account management tools, but the attackers used their credentials to access its internal systems and gain information about its processes.
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems. This was a striking reminder of how important each person on our team is in protecting our service,” Twitter said in a blog post.
Spear phishing is an email or electronic communications scam targeted towards a specific individual, organisation or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user’s computer.
Twitter noted that the phishing attack took place on July 12, 2020. Once the hackers gained entry, they targeted 130 Twitter accounts. Of these, they tweeted from 45, accessed the DM inbox of 36 and downloaded the data of eight users. The social media platform has noted that none of the eight profiles were verified.
Some of the prominent names impacted were former US president Barack Obama, US presidential candidate Joe R Biden, rapper Kanye West, Microsoft founder Bill Gates and Tesla’s Elon Musk. Institutional handles like Apple were also hacked.
After the breach, India’s nodal agency for cybersecurity, the Indian Computer Emergency Response Team (CERT-In) has issued a notice to Twitter, instructing the social media platform to provide details of the recent global hack.
According to media reports citing sources, the agency sought complete information on the number of Indian users affected, the impact on data and the remedial measures taken by the company to prevent such attacks in the future. CERT-In also wanted an update on the vulnerability exploited by the attackers and the modus operandi of the attack.
In its latest blog, Twitter has highlighted that it has significantly limited access to its internal tools and systems. For the time being, however, its response time to support needs and reports will be slower until the company can safely resume its operations.
The Twitter team is also constantly updating and improving its tools, controls and processes to make them more sophisticated. Overall, the microblogging site is accelerating several of its pre-existing security work streams and improving its methods for detecting and preventing inappropriate access to its internal systems.