The hackers behind this month’s epic Twitter breach targeted a small number of employees through a “phone hack,” the social media site said Thursday night. When pilfered employee credentials fail to grant access to account support tools, the hackers target additional employees who have the permissions needed to access the tools.
“This attack was based on a serious and concerted effort to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter officials wrote in a post. “This is a wonderful reminder of how important each individual on our team is in securing our work. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”
Thursday’s update also revealed that the hackers obtained personal data from seven of the accounts, but did not say which.
The post is the latest update in the investigation into a July 15 hack that hijacked accounts belonging to some of the world’s most famous celebrities, politicians, and executives and caused them to tweet links to Bitcoin scams. A small sample of those whose accounts were taken over includes former Vice President Joe Biden; philanthropist and Microsoft founder, former CEO and chairman Bill Gates; Tesla founder Elon Musk; and pop star Kanye West.
It took hours for Twitter to return control of the accounts to their rightful owners. In some cases, the hackers regained control of accounts even after they had been recovered, producing a back-and-forth struggle between the hackers and the company’s employees.
Hours after the breach, Twitter said the incident was the result of losing control of its internal systems to hackers who paid, tricked, or coerced one or more company employees. Company officials have provided regular updates since then. The most recent came last week, when Twitter said the hackers used their access to read private messages from 36 compromised accounts and obtained phone numbers and other private data from 130 affected users.
Staff with free rein
Critics say the incident shows that Twitter has not implemented adequate controls to prevent sensitive user information from falling into the hands of company insiders or targeted individuals. Twitter has vowed to investigate how outsiders gained access to internal systems and take steps to prevent similar attacks in the future.
Wednesday’s update provides more color about how the internal programs and account tools work. It said:
A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the targeted employees had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter data of 7.
The update said that since the attack, the company has “essentially” limited employee access to internal tools and systems while the investigation continues. The restrictions primarily affect the feature that lets users download their Twitter data, but other services will also be temporarily limited.
“We will be slow to respond to account support needs, reported Tweets, and applications to the developer platform,” the update said. “We are sorry for any delays for these reasons, but we believe it is an important precaution as we make the necessary changes to our procedures and equipment as a result of this incident. We will gradually resume our regular response times when we are confident it is not safe to do so. Thank you for your patience as we work through this.”
Wednesday night’s post also said the company is accelerating unspecified “existing security workflows and improvements to our tools” and prioritizing security work across multiple teams. Twitter is also improving ways to detect and prevent “unauthorized” access to internal systems.
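The attack chain quoted above (credentials of a low-privilege employee used to reach staff who can act on member accounts, then one session tweeting, reading DMs and exporting data across dozens of unrelated accounts) and the detection improvements Twitter says it is pursuing suggest two simple controls on an internal support tool: an entitlement check per action, and a velocity rule on privileged actions per employee. The following is an added example, not code from the article or from Twitter; the audit log format, role names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit log (hypothetical format): time, employee, role, action, target account.
AUDIT_LOG = """\
2020-07-15T20:01:10 emp_a support_tier1 view_profile user_001
2020-07-15T20:02:30 emp_a support_tier1 view_profile user_002
2020-07-15T20:05:00 emp_b support_admin tweet_as_user user_010
2020-07-15T20:05:20 emp_b support_admin read_dms user_011
2020-07-15T20:06:05 emp_b support_admin export_data user_012
2020-07-15T20:06:40 emp_b support_admin tweet_as_user user_013
2020-07-15T20:07:15 emp_b support_admin read_dms user_014
2020-07-15T20:40:00 emp_c support_tier1 tweet_as_user user_020
"""

# Actions that post, read DMs, or export data on a member's behalf.
PRIVILEGED = {"tweet_as_user", "read_dms", "export_data"}
# Hypothetical entitlement table: only support_admin may use privileged actions.
ROLE_ALLOWS = {"support_tier1": {"view_profile"},
               "support_admin": {"view_profile"} | PRIVILEGED}

def parse_log(text):
    events = []
    for line in text.splitlines():
        ts, emp, role, action, target = line.split()
        events.append((datetime.fromisoformat(ts), emp, role, action, target))
    return events

def detect(events, max_targets=3, window=timedelta(minutes=10)):
    """Return alerts as (employee, reason). Two rules:
    1. least privilege: a privileged action from a role not entitled to it;
    2. velocity: one employee using privileged actions on more than
       max_targets distinct accounts inside `window`, the signature of a
       single session working through many unrelated high-value accounts."""
    alerts = []
    per_emp = defaultdict(list)
    for ts, emp, role, action, target in events:
        if action not in ROLE_ALLOWS.get(role, set()):
            alerts.append((emp, f"unentitled action {action} on {target}"))
        if action in PRIVILEGED:
            per_emp[emp].append((ts, target))
    for emp, hits in per_emp.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):  # sliding window from each hit
            targets = {t for ts, t in hits[i:] if ts - start <= window}
            if len(targets) > max_targets:
                alerts.append((emp, f"{len(targets)} accounts in {window}"))
                break
    return alerts
```

In the constructed log, emp_c trips the entitlement rule and emp_b trips the velocity rule (five accounts in just over two minutes), while emp_a's profile views raise nothing.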