Twitter has revealed more details of how a number of high-profile accounts were hacked earlier this month.
In a statement on its website, the firm revealed that a ‘spear phishing’ attack was used to steal credentials from unsuspecting Twitter staff and contractors.
Spear phishing involves an attacker emailing or telephoning a specific victim while posing as a known or trusted person, in order to trick them into revealing confidential information such as login details.
Those credentials were then used to gain access to internal account management tools, which gave the attackers control over user accounts.
Insiders recently revealed that more than 1,000 Twitter employees had the ability to access internal tools and a number of these were targeted by hackers.
The cyber attack last week saw former US president Barack Obama, Microsoft founder Bill Gates and rapper Kanye West among the high-profile accounts affected.
Accounts of Elon Musk, Joe Biden, Jeff Bezos, Kim Kardashian West, Mike Bloomberg, Apple and Uber are also known to have been hit.
Tweets were simultaneously posted promoting a Bitcoin scam which promised followers free money if they transferred funds to a specific digital wallet.
Twitter says 130 accounts were targeted in last week's mass hack, and a smaller number also had their private messages (DMs) read. The attackers gained access to the accounts using credentials obtained through spear phishing.
In the initial stage of the attack the hackers obtained login details for some of Twitter's internal tools, but not the account-management access needed to take over a user account.
The information gathered from those first employees was then used to target the staff members who did have such access.
‘Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7,’ Twitter said.
It is thought the orchestrators of the hack made about $121,000 from 400 payments.
Twitter says hackers ‘manipulated’ employees to access 130 accounts
Twitter said last week that hackers ‘manipulated’ some of its employees to access accounts.
More than $100,000 worth of the virtual currency was sent to the bitcoin addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions.
‘We know that they accessed tools only available to our internal support teams to target 130 Twitter accounts,’ said a statement posted on Twitter’s blog.
For 45 of those accounts, the hackers were able to reset the password, log in and send tweets, it added, while the account data of up to eight accounts, none of them verified, was downloaded.
Twitter locked down the affected accounts and removed the fraudulent tweets. As a precaution, it also temporarily locked some accounts that had not been compromised.
The statement does not give any more details on exactly how the information was garnered other than it was via a spear phishing attack.
Generally, spear phishing is where criminals target a specific individual and use accurate details about that person to make the approach seem legitimate and lull them into a false sense of security.
This fraudulent practice gains the trust of the individual and tricks them into handing over login details, such as usernames and passwords.
This information is extremely valuable to hackers because it can be used to try to access other accounts and systems the individual has access to.
In this case that was the internal tools at Twitter, but the technique is often used to obtain banking details.
British cybersecurity analyst Graham Cluley believes it is possible this targeted attack was done over the phone.
In that scenario, Cluley suggested, the victims would have received a message asking them to call a number.
‘When the worker called the number they might have been taken to a convincing (but fake) helpdesk operator, who was then able to use social engineering techniques to trick the intended victim into handing over their credentials,’ Cluley wrote on his blog.
Twitter adds that it has tightened restrictions on who can access the internal account management tools.
‘As a result, some features (namely, accessing the Your Twitter Data download feature) and processes have been impacted,’ it says.
‘We will be slower to respond to account support needs, reported Tweets, and applications to our developer platform,’ said Twitter.
‘We’re sorry for any delays this causes, but we believe it’s a necessary precaution as we make durable changes to our processes and tooling as a result of this incident.
‘We will gradually resume our normal response times when we’re confident it’s safe to do so.’