Twitter Confirms Spear-Phishing Attack Caused Account Takeover

In an update to its previous statement, Twitter said the attack occurred on July 15 and “targeted a small number of employees through a phone spear-phishing attack.” This attack enabled the attackers to obtain access to both the internal network and specific employee credentials that granted them access to internal support tools.

“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes,” it said. This then enabled them to target additional employees who had access to account support tools.

Using the credentials of the employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36 and downloading the Twitter data of seven.

In its initial statement on 16 July, Twitter said the coordinated account hijacking campaign was done by a “coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” Accounts with millions of followers belonging to Jeff Bezos, Bill Gates, Barack Obama, Joe Biden, Elon Musk, Kanye West and others were briefly hijacked and used to promote a cryptocurrency scam. The corporate accounts of Apple, Bitcoin, Coinbase and others were also taken over.