This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
OK
#Open journalism No news is bad news

Your contributions will help us continue to deliver the stories that are important to you

Support The Journal
Dublin: 23 °C Tuesday 4 August, 2020
Advertisement

Twitter reveals further details about the large-scale hack of celebrity accounts

The company said hackers attempted to mislead certain employees.

Image: Shutterstock/khak

TWITTER SAYS THE hackers responsible for a recent high-profile breach fooled the social media company’s employees into giving them access over the phone.

The company has revealed more details about the hack earlier this month, which it said targeted “a small number of employees through a phone spear-phishing attack”.

“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” the company tweeted.

The 15 July attack compromised the accounts of some of its most high-profile users, including Tesla CEO Elon Musk and celebrities Kanye West and his wife, Kim Kardashian West, in an apparent attempt to lure their followers into sending money to an anonymous Bitcoin account.

After stealing employee credentials and getting into Twitter’s systems, the hackers were able to target other employees who had access to account support tools, the company said.

The hackers targeted 130 accounts. They managed to tweet from 45 accounts, access the direct message inboxes of 36, and download the Twitter data from seven. Dutch anti-Islam MP Geert Wilders has said his inbox was among those accessed.

Spear-phishing is a more targeted version of phishing, an impersonation scam that uses email or other electronic communications to deceive recipients into handing over sensitive information.

Twitter said it would provide a more detailed report later “given the ongoing law enforcement investigation.”

The company has previously said the incident was a “co-ordinated social engineering attack” that targeted some of its employees with access to internal systems and tools.

It did not provide any more information about how the attack was carried out.

#Open journalism No news is bad news Support The Journal

Your contributions will help us continue to deliver the stories that are important to you

Support us now

British cybersecurity analyst Graham Cluley said his guess was that a targeted Twitter employee or contractor received a message by phone asking them to call a number.

“When the worker called the number they might have been taken to a convincing (but fake) helpdesk operator, who was then able to use social engineering techniques to trick the intended victim into handing over their credentials,” Clulely wrote on his blog on Friday.

It is also possible the hackers pretended to call from the company’s legitimate help line by spoofing the number, he said.

  • Share on Facebook
  • Email this article
  •  

About the author:

Press Association

Read next:

COMMENTS (2)

This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel