Update: Hackers Used Phone Spear Phishing To Access Twitter’s System


Twitter has released an update on the high-profile security incident the company encountered a few weeks ago.

The company posted an update on its blog saying that the hackers targeted a small number of its employees using a phone spear phishing attack.

According to the update by the verified Twitter Support handle, the hackers were able to exploit human vulnerabilities and mislead the employees by placing calls to their devices.

The attack was used to get access to Twitter’s internal network, as well as specific user credentials. Although only a few of the targeted employees had the tools the hackers needed, the hackers were able to use the credentials of these employees to access Twitter’s internal system and learn its processes.

“This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7,” Twitter reported.

The company has said that it is investigating how deep the hack could have gone, and is working on limiting access to proprietary tools strictly to verified business reasons.

“While these tools, controls, and processes are constantly being updated and improved, we are taking a hard look at how we can make them even more sophisticated.”

Twitter states that the hackers' exploitation of human vulnerabilities and use of misleading tactics to create a passage through its employees shows how important each member of its team is in the protection of its system.

While Twitter has restricted access to security tools, the company says it is investing in more security protocols to prevent a future occurrence.

It will be recalled that a few weeks ago, we reported that Twitter experienced a security breach that gave hackers access and allowed them to send out tweets about a scam cryptocurrency giveaway.

The hackers used the Twitter accounts of prominent personalities to tweet about giving back to the community by doubling Bitcoin sent to their wallet.

In the update released on the 18th, Twitter said 130 accounts were targeted and that tweets were sent from 45 of the 130 accounts.
