The attackers behind this month's epic Twitter hack targeted a small number of employees in a "phone spear phishing attack," the social media site reported Thursday night. When an employee was unable to grant access to the account support tools, the hackers targeted additional employees who did have permission to use them.
"This attack was based on a significant and concerted attempt to mislead certain employees and exploit people's vulnerabilities to gain access to our internal systems," Twitter officials wrote in a statement. "It was a stark reminder of how important each person on our team is in protecting our services. We take this responsibility seriously and all Twitter members are committed to protecting your information."
Thursday's update also revealed that the hackers downloaded personal data from seven accounts, but it did not say which ones.
The report was the latest update in the investigation of the July 15 hack, which hijacked the accounts of some of the world's most famous celebrities, politicians and executives and used them to post links to a Bitcoin scam. The small selection of account holders included vice president Joe Biden, philanthropist and Microsoft founder and former CEO and chairman Bill Gates, Tesla founder Elon Musk and pop star Kanye West.
It took Twitter hours to return control of the accounts to their rightful owners. In some cases, the hackers regained control of accounts even after they had been recovered, leading to a tug of war between the intruders and company employees.
A few hours after the breach became public, Twitter said it had lost control of its internal administrative systems to hackers who had paid, tricked or coerced one or more company employees. Since then, company officials have provided regular updates. The previous update came last week, when Twitter said the hackers had used their access to read private messages from 36 hijacked accounts, and that phone numbers and other private information may have been viewed for the 130 affected users.
Free rein for employees
Critics said the incident showed that Twitter lacked proper controls to prevent sensitive user information from being accessed by company insiders or by the people directing them. Twitter has vowed to investigate how outsiders gained access to sensitive internal systems and to take steps to prevent similar attacks in the future.
Thursday's update provided more information on how the internal systems and account tools work. It said:
For a successful attack, the attackers had to gain access to our internal network and to specific staff credentials that gave them access to our internal support tools. Not all of the employees originally targeted had permission to use the account management tools, but the attackers used their credentials to access our internal systems and obtain information about our processes. This knowledge then allowed them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, eventually Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter data of 7.
The update states that since the attack, the company has "significantly" restricted employee access to internal tools and systems while the investigation continues. The restrictions primarily affect the feature that allows users to download their Twitter data, but other services will also be temporarily limited.
"We'll be slow to respond to account support needs, Tweet notifications, and apps on our developer platform," the update said. "We apologize for any delays this causes, but we believe it is a necessary precaution as we make long-term changes to our processes and tools as a result of this event. We will gradually return to our normal response times when we are sure it is safe to do so. Thanks for your patience as we do this."
Thursday night's report also states that the company is stepping up unspecified "existing security workstreams and improvements to our tools" and prioritizing security work across teams. Twitter is also improving the way it detects and prevents "inappropriate" access to its internal systems.