Thursday, December 5, 2024
HomeHacksTwitter Hack - Hackers Downloaded Account’s Information of Eight Twitter Accounts

Twitter Hack – Hackers Downloaded Account’s Information of Eight Twitter Accounts

Published on

SIEM as a Service

The recent sensational incident of Twitter Hack shacking the cybersecurity community unlike any other attack that Twitter has ever faced. So many top profile influential profiles were abused to scam million of users and steal thousands of dollars in Bitcoin.

After the detailed investigation, Twitter has released a statement and clarified that the hackers downloaded the data from 8 of the compromised twitter handles via their “Your Twitter Data” tool that provides an account owner with a summary of their Twitter account details and activity. 

The initial attack was launched via the traditional social engineering method through which attackers targeted the Twitter employees and manipulate them to perform a certain action and gathered confidential information.

- Advertisement - SIEM as a Service

The investigation clarifies that the attacker compromised only a small number of employees and used their credentials to access Twitter’s internal tools, even they were successfully bypassed the 2-factor authentication.

The Twitter investigation report says “As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.”

When we look at the Bitcoin scam Tweets that posted in the top follower’s profile, attackers carefully picked the accounts which fall under the high reputation, most followers, well-known influencer, cryptocurrency trading platforms and successfully launched the attack, in result, thousands of followers lost $120,000 worth bitcoins to the scammer’s account.

Other than the scam tweets, Hackers downloaded the data from only 8 of the twitter accounts, and the account details are not disclosed due to the security concern, also Twitter team directly reached out to the account holders and all the 8 accounts aren’t verified profiles.

Soon after the incidents happen, Twitter security experts limited the compromised accounts access to the attackers and regained all the hacked accounts and locked it down.

“Our incident response team secured and revoked access to internal systems to prevent the attackers from further accessing our systems or the individual accounts.” Twitter says.

Twitter said that there is a certain things attacked accessed the following.

  • Attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
  • Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools.
  • In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing.

Twitter learned a great lesson through this massive incident, and the investigation is still going, which helps further securing the platform from the feature attacks.

Not only Twitter, but the other organization should take this kind of attack is a serious thing and provide proper company-wide training through a partnership with the best cybersecurity training academy to guard against social engineering tactics to supplement the training employees receive during onboarding. 

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Twitter CEO Jack Dorsey Account Hacked using Sim Swapping Attack

Twitter Bug Exposed Location Data of iOS Users to Advertiser

India’s Biggest Star Amitabh Bachchan’s Twitter Account Hacked

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Cisco NX-OS Vulnerability Allows Attackers to Bypass Image Signature Verification

A critical vulnerability has been identified in the bootloader of Cisco NX-OS Software, potentially...

Deloitte UK Hacked – Brain Cipher Group Claim to Have Stolen 1 TB of Data

Brain Cipher has claimed to have breached Deloitte UK and exfiltrated over 1 terabyte...

Cloudflare Developer Domains Abused For Cyber Attacks

Cloudflare Pages, a popular web deployment platform, is exploited by threat actors to host...

Hackers Exploit Docker Remote API Servers To Inject Gafgyt Malware

Attackers are exploiting publicly exposed Docker Remote API servers to deploy Gafgyt malware by...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Telegram Bot Selling Phishing Tools to Bypass 2FA & Hack Microsoft 365 Accounts

A newly discovered phishing marketplace, ONNX Store, empowers cybercriminals to launch sophisticated attacks against...

Mobile Device Management Vendor Mobile Guardian Hacked

 Mobile Guardian, a leading Mobile Device Management (MDM) vendor, experienced unauthorized access to its...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...