Twitter Was Hacked Through A Social Engineering Scheme
As Twitter and the FBI continue to investigate the cyber attack that compromised a slew of high-profile accounts this month, it has emerged that more than 1,000 employees and contractors had access to tools exploited in the attack.
A report last Thursday, citing two former Twitter employees, said the internal systems let anyone with access change settings and transfer control to others, two tactics that were seemingly abused to target about 130 profiles in the July 15 incident.
With suspected financial motives, unidentified hackers gained control over accounts of users including Elon Musk, Bill Gates, Michael Bloomberg, Joe Biden, Barack Obama, Kanye West, and Kim Kardashian, spreading a bitcoin cryptocurrency scam.
According to the ex-Twitter employees, who were said to be familiar with the platform's security procedures, access to the backend systems was too broad. They claimed at least 1,000 people, as of this year, could have easily aided a similar hack.
Industry experts say it's best to keep backend access limited to reduce security risks. Twitter has 4,600 employees in total, meaning one in four employees had the ability to access any user account.
Investigations to find out the full scope of the attack and the culprits responsible remain ongoing at the time of writing. Based on initial analysis, it is believed the hackers stole more than $100,000-worth of cryptocurrency during the fast-moving heist.
Twitter CEO Jack Dorsey addressed the situation during an earnings call with analysts last Thursday, noting his employees had suffered through a "really tough week."
"We feel terrible about the security incident that negatively affected the people we serve and their trust in us. Security doesn't have an endpoint, it's a constant iteration to stay steps ahead of adversaries," the CEO said.
"We fell behind, both in our protections against social engineering of our employees and restrictions on our internal tools. And for that, I apologize on behalf of our company.
"We moved quickly to lock down and fix and sought to be transparent and frequent in our updates to the public. We will continue to go above and beyond here as we continue to secure our systems and work with external firms and law enforcement."
Based on a preliminary probe, the social networking site's security team has said the attackers targeted employees "through a social engineering scheme," accessing internal systems and hijacking dozens of profiles after obtaining workers' credentials.
They targeted about 130 accounts. "For 45 of those accounts the attackers were able to initiate a password reset, login to the account, and send tweets," Twitter said.
Twitter confirmed in a blog post last Wednesday that the culprits were believed to have accessed the direct messages of 36 of the 130 accounts, including a single unnamed elected official in the Netherlands. For up to eight accounts, none of them verified, the hackers downloaded data using the "Your Twitter Data" tool, which also includes DMs.