Kral Ussery LLC, Certified Public Accountants
TX Office: (817) 416-6842
NV Office: (702) 565-2727

Twitter Bitcoin Hack Caused by Phone-Based Phishing Attack

« Back to News List            IIA updates Three Lines Model to stress risk... >>

Twitter Bitcoin Hack Caused by Phone-Based Phishing Attack

The attack exploited human vulnerabilities to gain access to its internal systems

Friday, July 31, 2020
By William Sprouse for

Twitter has disclosed more details about the July 15 incident in which hackers were able to access the accounts of a number of high-profile users to solicit bitcoin payments.

In a blog post, the company said hackers targeted a small number of employees through a phone spear-phishing attack to obtain specific employee credentials that allowed them to access internal support tools.

“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter said. “This was a striking reminder of how important each person on our team is in protecting our service.”

In total, hackers targeted 130 accounts and sent tweets from 45 of them. The company said the hackers also accessed direct messages of 36 users and downloaded Twitter data from seven users.

Among the high-profile users whose accounts were accessed were Elon Musk, Joe Biden, Kanye West, Bill Gates, Michael Bloomberg, and Jeff Bezos. Tweets sent from the accounts offered to double the money that readers sent to an anonymous bitcoin account. Hackers reportedly stole more than $113,500 through the scheme.

Graham Clule, a cybersecurity analyst in the U.K., said that through the phone spear-phishing attack, a hacker probably convinced an employee to hand over credentials.

“When the worker called the number they might have been taken to a convincing (but fake) helpdesk operator, who was then able to use social engineering techniques to trick the intended victim into handing over their credentials,” Clulely wrote in a blog post.

He said the Twitter update debunked the idea that an employee assisted in the hack.

Twitter, citing the ongoing law enforcement probe, said it would provide a more detailed report at a later date.

“Since the attack, we’ve significantly limited access to our internal tools and systems to ensure ongoing account security while we complete our investigation,” the company said.

Related links:

IPO FAQs | IPO Process | Detailed IPO Process Steps
Home | Privacy Policy | Disclaimer | Site Map

Copyright © , Kral Ussery LLC, Certified Public Accountants All Rights Reserved

Web Presence By Netphoria Inc