During July of 2020, Twitter faced its ninth data breach. The attack was aimed at high-profile targets such as former U.S. President Barack Obama, Tesla and SpaceX CEO Elon Musk, Microsoft co-founder Bill Gates, rap artist Kanye West and over 100 other users.
After gaining access to the accounts, the attacker posted cryptocurrency scam messages claiming that the account holder was “giving back” to the community and would double any Bitcoin sent to their address, returning the doubled amount to the sender.
As a result of this attack, the hackers managed to get over $100,000.
As well as sending out these tweets, eight compromised accounts had data such as posts and direct messages downloaded. None of these accounts were verified or considered high-profile, however.
Twitter suspected that thirty-six other accounts may have had their direct messages accessed, but these were not downloaded.
It is unclear whether these attacks affected anything else. However, the hacker would have had access to each user’s personal messages and other account information.
Shortly after the incident, Twitter stated that they were aware of “a security incident impacting accounts on Twitter” and that they were taking the necessary steps to fix it. These steps included temporarily preventing some high-profile accounts from tweeting and resetting their passwords.
The response
To carry out this scam, the hacker(s) used Twitter’s internal administration tools to access the accounts, bypassing the normal security measures, which suggests the attacker was operating from within Twitter’s own systems.
A widely accepted theory is that to gain access to Twitter’s back end, the hackers used social engineering attacks, rather than a technical exploit.
Social engineering (in a cyber security setting) is the act of manipulating an individual – often relying on their instinct to be helpful and kind – to gain information or anything of relevance that can be used in a cyber-attack.
As an example, if you receive an email from someone presenting themselves as a co-worker who urgently needs data such as log-in details, the human instinct is to send it, because that is the kind thing to do. The urgency of the email makes you less likely to check the details or even consider that it may be a phishing email.
A few days after the attack, Twitter released another statement:
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams.”
In this incident, the attackers first gained access to the accounts of low-level Twitter employees and then used social engineering methods to obtain other employees’ credentials, which gave them access to the admin tools.
Since this event, there have been no further known attacks on Twitter.
For information on how to protect your business from scams and attacks, contact us and we’ll walk you through our industry-leading cyber security options.
Itek provides IT solutions for your entire IT infrastructure. Your business can experience a cost-effective service at a predictable fixed rate, removing the burden from you and your team and freeing you to focus on your goals.