Skip to main content

Twitter offers more details on how hackers cracked its internal systems

Twitter has shared another update on its investigation into the major hack that targeted numerous high-profile accounts on its platform on July 15.

In a blog post and series of tweets, the company said the perpetrators began by targeting a small number of employees through a phone spear phishing attack. This involves a hacker calling a target and pretending to be a trusted person to extract specific information that ultimately enables them to gain entry to an internal computer system.

“A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools,” Twitter said in its blog post. “Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes.”

It said that this knowledge “then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.”

Targeted accounts included those of prominent political figures such as former President Barack Obama and former Vice President Joe Biden, as well as the likes of Tesla and SpaceX CEO Elon Musk, Microsoft co-founder Bill Gates, and celebrity Kanye West.

The company said that although its internal tools, controls, and processes are constantly being updated and improved, it’s now “taking a hard look” at how it can make them more secure.

Mindful of the concern the attack has caused among the Twitter community, the company insisted, “Everyone at Twitter is committed to keeping your information safe. We recognize the trust you place in us, and are committing to earning it by continued open, honest and timely updates anytime an incident like this happens.”

The scam involved a fake tweet that appeared on the targeted accounts that encouraged followers to send payments to a Bitcoin wallet, with hundreds of people doing just that. When Twitter spotted the attack, it locked down the affected accounts and removed the bogus tweets.

Last week the incident took a darker turn when it emerged that the hackers had been able to download data linked to some of the accounts, and also managed to obtain access to the direct messages of others.

Twitter has promised to provide a more detailed report on the incident once law enforcement has made more progress with its investigation and after the company has completed work to further safeguard the microblogging service.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Twitter’s SMS two-factor authentication is having issues. Here’s how to switch methods
A person's hands holding a smartphone as they browse Twitter on it.

It might be a good idea to review and change your two-factor authentication options for Twitter. Elon Musk's Twitter has another issue for its users to worry about.

Twitter has reportedly been having issues with its SMS two-factor authentication feature (2FA). According to Wired, beginning as early as this past weekend, some Twitter users have reported difficulties logging in to their Twitter accounts due to the app's SMS 2FA feature not working properly. Essentially, the feature relies on the app sending users an authentication code via text message, which they can then enter as a second step in the login process.

Read more
Twitter to start layoffs on Friday, internal email reveals
A stylized composite of the Twitter logo.

Following days of speculation after Elon Musk’s recent takeover of Twitter in a $44 billion deal, the company is expected to make significant job cuts on Friday.

In a widely reported internal email sent to Twitter employees on Thursday, the company said:

Read more
Elon Musk officially owns Twitter now: a timeline of how we got here
tesla and spacex ceo elon musk stylized image

It's official: Tesla CEO Elon Musk has taken charge of Twitter. Musk's $44 billion acquisition of the bird app officially closed on Thursday night.

And so it seems we've reached the end of the complicated, winding road of Musk's bid to buy Twitter. But if you're asking yourself how we got here and wondering how this all started, you're in the right place.

Read more