- Twitter printed an substitute on its investigation into the highly visible hack it suffered earlier this month.
- It says the hack started with a “phone spear phishing attack” on a shrimp series of employees.
- The attackers worn these preliminary employees’ credentials to be taught extra about Twitter’s processes, and then aim extra employees with elevated levels of entry to inner tools.
- Focus on over with Alternate Insider’s homepage for added studies.
The hack that landed Twitter in the headlines earlier this month seems to occupy started with a phone call.
Twitter on Thursday printed an substitute on its investigation into the hack that took location on July 15, when hackers won entry to 130 accounts and tweeted links to a bitcoin scam from high-profile accounts alongside with those belonging to Barack Obama, Joe Biden, Elon Musk, Invoice Gates, Kim Kardashian, and extra.
Twitter mentioned the hack started with a “phone spear phishing attack” on a shrimp series of employees. Spear phishing is a centered attack on utter people or an organization, which comprises deceiving any individual into thinking you are a member of the aim’s company, or any individual else they have confidence.
It seems the hackers had been ready to talk a minimal of one of the most vital employees into telling them their credentials.
“A a hit attack required the attackers to murder entry to both our inner network besides to utter employee credentials that granted them entry to our inner succor tools. Now not all of the employees that had been in the muse centered had permissions to make utilize of legend management tools, but the attackers worn their credentials to entry our inner systems and collect info about our processes. This knowledge then enabled them to condominium extra employees who did occupy entry to our legend succor tools,” Twitter wrote in its blog.
Stories emerged rapidly after the hack that the hackers had won entry to an inner employee dashboard which allowed them to alternate the emails associated with accounts and reset their passwords.
“The utilize of the credentials of employees with entry to those tools, the attackers centered 130 Twitter accounts, sooner or later Tweeting from 45, having access to the DM inbox of 36, and downloading the Twitter Data of seven,” the company added.
Previously Twitter mentioned as much as 8 accounts had had their files downloaded by the hackers.
Real Life. Real News. Real Voices
Help us tell more of the stories that matterBecome a founding member
Subscribe to the newsletter news
We hate SPAM and promise to keep your email address safe