The hackers behind this month’s epic Twitter breach targeted a handful of employees through a “phone spear phishing attack,” the social media site said Thursday evening. When the employee credentials they obtained failed to give access to account support tools, the hackers targeted additional workers who had the necessary permissions to use the tool.
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter officials wrote in a post. “This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone on Twitter is committed to keeping your information secure.”
Thursday’s update also revealed that the hackers downloaded personal data from seven of the accounts, but did not say which ones.
The post was the latest update in the investigation of the July 15 hack, which hijacked accounts belonging to some of the world’s most famous celebrities, politicians and executives and caused them to tweet links to Bitcoin scams. A small sampling of the account holders included Vice President Joe Biden, philanthropist and Microsoft founder and former CEO and president Bill Gates, Tesla founder Elon Musk, and pop star Kanye West.
It took Twitter hours to return control of the accounts to their rightful owners. In some cases, the hackers regained control of accounts even after they had been recovered, leading to a tug of war between the intruders and company employees.
Hours after it contained the breach, Twitter said the incident was the result of losing control of its internal administrative systems to hackers who either paid, tricked, or coerced one or more company employees. Company officials have provided regular updates since then. The most recent one came last week, when Twitter said the hackers used their access to read private messages from 36 of the hijacked accounts and that phone numbers and other private details of the 130 affected users could be viewed.
We wanted an employee
Critics said the incident showed that Twitter had not yet implemented proper controls to prevent sensitive user information from falling into the hands of company insiders or people targeting them. Twitter has promised to investigate how outsiders gained access to sensitive internal systems and to take steps to prevent similar attacks in the future.
Thursday’s update provided more color on how the internal systems and account tools work. It said:
A successful attack required attackers to gain access to both our internal network and the specific credentials of the employees who gave them access to our internal support tools. Not all employees who were initially targeted were allowed to use account management tools, but the attackers used their credentials to access our internal systems and obtain information about our processes. This knowledge then allowed them to target additional employees who had access to our account support tools. Using employee credentials with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting out of 45, accessing 36’s DM inbox, and downloading Twitter Data of 7.
The update said that since the attack, the company has “significantly” limited employees’ access to internal tools and systems while the investigation continues. The restrictions primarily affect a feature that allows users to download their Twitter data, but other services will also be temporarily limited.
“We will be slower to respond to account support needs, reported Tweets and applications for our development platform,” the update said. “I am sorry for any delays this causes, but we believe it is a necessary precaution as we make long-term changes to our processes and tools as a result of this incident. We will gradually begin normal response times when we are confident that it is safe to do so. Thank you for your patience as we work through this.”
Thursday night’s post also said that the company is accelerating unspecified, pre-existing “security workstreams and improving our tools” and prioritizing security work across various teams. Twitter is also improving its methods for detecting and preventing “inappropriate” access to internal systems.