Industry Reactions to Twitter Hack: Feedback Friday

Several high-profile Twitter accounts were targeted recently in an attack that involved the hackers accessing internal Twitter systems and tools.


Twitter said the attackers targeted roughly 130 accounts, but only some of them were actually compromised. The hackers used the hijacked accounts to post tweets that attempted to convince their followers to send bitcoin to a specified address. Hundreds of people fell for it and sent over $100,000 in bitcoin to the scammers.


Twitter has only shared limited technical information about the attack, but some victims say the attackers hijacked their accounts by changing the associated email address and initiating the password reset process. Since the targeted accounts were now linked to the hackers’ email address, the attackers could change the victim’s password and disable any security measures.


The attackers, who allegedly had help from a Twitter employee, may be involved in SIM swapping schemes. Some of these individuals claimed just days before the Twitter hack that they could change the email address on any account.



Industry professionals have commented on various aspects of this breach, including why it was possible, how it could have been prevented, and its potential impact.


And the feedback begins…


Mikko Hyppönen, chief research officer, F-Secure:



“This was the biggest security breach in Twitter's history, but ordinary users were not affected by it at all – unless they fell for the scams posted by the hacked celebrities.


The way this hack was done also means that there's nothing any users could have done to prevent it from happening. ...
