Friday, March 29, 2024

Twitter Hack – Hackers Downloaded Account’s Information of Eight Twitter Accounts

The recent sensational incident of Twitter Hack shacking the cybersecurity community unlike any other attack that Twitter has ever faced. So many top profile influential profiles were abused to scam million of users and steal thousands of dollars in Bitcoin.

After the detailed investigation, Twitter has released a statement and clarified that the hackers downloaded the data from 8 of the compromised twitter handles via their “Your Twitter Data” tool that provides an account owner with a summary of their Twitter account details and activity. 

The initial attack was launched via the traditional social engineering method through which attackers targeted the Twitter employees and manipulate them to perform a certain action and gathered confidential information.

The investigation clarifies that the attacker compromised only a small number of employees and used their credentials to access Twitter’s internal tools, even they were successfully bypassed the 2-factor authentication.

The Twitter investigation report says “As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.”

When we look at the Bitcoin scam Tweets that posted in the top follower’s profile, attackers carefully picked the accounts which fall under the high reputation, most followers, well-known influencer, cryptocurrency trading platforms and successfully launched the attack, in result, thousands of followers lost $120,000 worth bitcoins to the scammer’s account.

Other than the scam tweets, Hackers downloaded the data from only 8 of the twitter accounts, and the account details are not disclosed due to the security concern, also Twitter team directly reached out to the account holders and all the 8 accounts aren’t verified profiles.

Soon after the incidents happen, Twitter security experts limited the compromised accounts access to the attackers and regained all the hacked accounts and locked it down.

“Our incident response team secured and revoked access to internal systems to prevent the attackers from further accessing our systems or the individual accounts.” Twitter says.

Twitter said that there is a certain things attacked accessed the following.

  • Attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
  • Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools.
  • In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing.

Twitter learned a great lesson through this massive incident, and the investigation is still going, which helps further securing the platform from the feature attacks.

Not only Twitter, but the other organization should take this kind of attack is a serious thing and provide proper company-wide training through a partnership with the best cybersecurity training academy to guard against social engineering tactics to supplement the training employees receive during onboarding. 

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Twitter CEO Jack Dorsey Account Hacked using Sim Swapping Attack

Twitter Bug Exposed Location Data of iOS Users to Advertiser

India’s Biggest Star Amitabh Bachchan’s Twitter Account Hacked

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles