The recent Twitter hack has shaken the cybersecurity community unlike any other attack Twitter has faced. Many high-profile, influential accounts were abused to scam millions of users and steal thousands of dollars in Bitcoin.
After a detailed investigation, Twitter released a statement clarifying that the attackers downloaded data from 8 of the compromised Twitter accounts via the “Your Twitter Data” tool, which provides an account owner with a summary of their account details and activity.
The initial attack was launched through traditional social engineering: the attackers targeted Twitter employees and manipulated them into performing certain actions and divulging confidential information.
The investigation found that the attackers compromised only a small number of employees and used their credentials to access Twitter’s internal tools; they also succeeded in getting past those employees’ two-factor authentication.
Twitter’s investigation update says: “As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send Tweets.”
Looking at the Bitcoin scam tweets, the attackers carefully picked accounts with high reputation and large followings: well-known influencers and cryptocurrency trading platforms. The scam worked, and thousands of followers lost around $120,000 worth of Bitcoin to the scammers’ address.
Beyond the scam tweets, the attackers downloaded data from only 8 of the accounts. Twitter has not disclosed which ones, citing security concerns, but it has reached out directly to the affected account holders, and none of the 8 are verified accounts.
Soon after the incident began, Twitter’s security team cut off the attackers’ access to the compromised accounts, regained control of them and locked them down.
“Our incident response team secured and revoked access to internal systems to prevent the attackers from further accessing our systems or the individual accounts.” Twitter says.
Twitter also summarized what the attackers were and were not able to access:
- Attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
- Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools.
- In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing.
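The pattern described in Twitter’s update (a small number of support-tool operators initiating password resets against many accounts, then downloading account data from a handful of them) is the kind of activity an internal-tool audit log can surface. The following Python is an added example, not Twitter’s code or tooling: it runs two checks over a constructed audit log in an assumed format (timestamp, operator, action, target). The first flags any operator who performs sensitive actions against more than a baseline number of distinct accounts inside a sliding window; the second flags any account whose password was reset and then exported by the same operator. The log format, action names, operator and account identifiers, and thresholds are all assumptions made for the example.

```python
"""Detection over constructed internal-support-tool audit log lines.

Added example, not Twitter's code. The log format, action names and
thresholds are assumptions; tune them to the real tool's audit schema.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Actions that change or exfiltrate an account rather than merely view it
SENSITIVE_ACTIONS = {"password_reset", "data_export"}

# Constructed sample audit log (not real Twitter data):
# <ISO timestamp> <operator> <action> target=<account id>
SAMPLE_LOG = """\
2020-07-15T20:00:05Z op_alice view_profile target=acct_1001
2020-07-15T20:01:10Z op_alice password_reset target=acct_1001
2020-07-15T20:45:00Z op_alice password_reset target=acct_1003
2020-07-15T20:10:00Z op_bob password_reset target=acct_2001
2020-07-15T20:10:20Z op_bob password_reset target=acct_2002
2020-07-15T20:11:05Z op_bob password_reset target=acct_2003
2020-07-15T20:11:40Z op_bob password_reset target=acct_2001
2020-07-15T20:12:15Z op_bob data_export target=acct_2001
2020-07-15T20:12:50Z op_bob password_reset target=acct_2004
2020-07-15T20:13:30Z op_bob data_export target=acct_2005
"""


def parse_line(line):
    """Split one audit line into (timestamp, operator, action, target)."""
    ts, operator, action, target_field = line.split()
    target = target_field.split("=", 1)[1]
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), operator, action, target


def load_events(log_text):
    """Parse and time-order all non-empty lines (logs are not always in order)."""
    return sorted(parse_line(l) for l in log_text.splitlines() if l.strip())


def detect_bursts(log_text, max_targets=3, window=timedelta(minutes=10)):
    """Alert once per operator who touches more than max_targets distinct
    accounts with sensitive actions inside a sliding time window.

    A support agent resolving tickets normally works one account at a time;
    dozens of resets in minutes is the takeover pattern, not support work.
    """
    recent = defaultdict(deque)  # operator -> deque of (ts, target), oldest first
    alerted = set()
    alerts = []
    for ts, operator, action, target in load_events(log_text):
        if action not in SENSITIVE_ACTIONS:
            continue
        q = recent[operator]
        q.append((ts, target))
        # Drop events that fell out of the window
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {t for _, t in q}
        if len(distinct) > max_targets and operator not in alerted:
            alerted.add(operator)
            alerts.append({
                "operator": operator,
                "distinct_targets": len(distinct),
                "window_end": ts,
            })
    return alerts


def reset_then_export(log_text):
    """Return the accounts whose password was reset and whose data was later
    exported by the same operator: the reset-then-download sequence."""
    last_reset = {}  # (operator, target) -> timestamp of latest reset
    hits = set()
    for ts, operator, action, target in load_events(log_text):
        if action == "password_reset":
            last_reset[(operator, target)] = ts
        elif action == "data_export" and (operator, target) in last_reset:
            hits.add(target)
    return hits


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print("burst:", alert)
    print("reset then export:", sorted(reset_then_export(SAMPLE_LOG)))
```

On the constructed log, op_alice’s two resets are 44 minutes apart and never trip the window, while op_bob hits four distinct accounts within three minutes and is flagged; acct_2001 is the only account both reset and exported by the same operator. In practice the burst threshold should come from the observed per-operator baseline, and the sequence check should also consider exports performed by a different operator, since the attackers here used more than one employee’s credentials.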
Twitter has learned a hard lesson from this incident. The investigation is still ongoing, and its findings will help further secure the platform against future attacks.
Twitter is not alone: every organization should treat this kind of attack as a serious threat and provide company-wide training against social engineering tactics, for example through a partnership with a cybersecurity training provider, to supplement the training employees receive during onboarding.