Twitter released an update on July 30 revealing how hackers gained access to its internal network and account management tools in the recent attack.
It also gave details of additional measures taken to improve security since the hack, which netted roughly 12 Bitcoin (BTC) by hijacking the Twitter accounts of celebrities and crypto businesses to post scam messages.
Phishing for compliments
The update confirmed that Twitter had been the victim of a social engineering attack, putting paid to rumors that the hack could have been an inside job.
According to the report, the July 15 incident began with a phone-based spear-phishing attack that targeted a small number of employees to obtain network access credentials:
“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes.”
The attackers then used this knowledge to target additional employees with access to account support tools.
A poor workman loses his tools
Responding to reports that over 1,000 employees had access to the admin tools, Twitter explained that it has teams around the world that help with account support.
However, access to the tools is strictly limited and only granted for legitimate business reasons. Since the attack, Twitter has further restricted that access and says it will continue its ongoing employee education program on the risks of phishing attacks.
During the hack, the attackers accessed 130 Twitter accounts, tweeted from 45 of them, got into the direct message inboxes of 36, and downloaded the Twitter data of seven.