Twitter Bitcoin Hack Caused by Phone-Based Phishing Attack
The attack exploited human vulnerabilities to gain access to its internal systems
Friday, July 31, 2020
By William Sprouse for CFO.com
Twitter has disclosed more details about the July 15 incident in which hackers were able to access the accounts of a number of high-profile users to solicit bitcoin payments.
In a blog post, the company said hackers targeted a small number of employees through a phone spear-phishing attack to obtain specific employee credentials that allowed them to access internal support tools.
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter said. “This was a striking reminder of how important each person on our team is in protecting our service.”
In total, hackers targeted 130 accounts and sent tweets from 45 of them. The company said the hackers also accessed direct messages of 36 users and downloaded Twitter data from seven users.
Among the high-profile users whose accounts were accessed were Elon Musk, Joe Biden, Kanye West, Bill Gates, Michael Bloomberg, and Jeff Bezos. Tweets sent from the accounts offered to double the money that readers sent to an anonymous bitcoin account. Hackers reportedly stole more than $113,500 through the scheme.
Graham Cluley, a cybersecurity analyst in the U.K., said that through the phone spear-phishing attack, a hacker probably convinced an employee to hand over credentials.
“When the worker called the number they might have been taken to a convincing (but fake) helpdesk operator, who was then able to use social engineering techniques to trick the intended victim into handing over their credentials,” Cluley wrote in a blog post.
He said the Twitter update debunked the idea that an employee assisted in the hack.
Twitter, citing the ongoing law enforcement probe, said it would provide a more detailed report at a later date.
“Since the attack, we’ve significantly limited access to our internal tools and systems to ensure ongoing account security while we complete our investigation,” the company said.