Twitter provided an update about the unprecedented July 15th attack that allowed hackers to tweet from some of the most high-profile accounts on the service, in a blog post and a series of tweets published Thursday evening. Twitter now says that a few employees were targeted in a phone spear phishing attack. While Twitter doesn’t quite say, that presumably means hackers called up Twitter employees while posing as colleagues or members of Twitter’s own security team, and got them to reveal the credentials they use to access internal systems.
Twitter had previously said its own tools were compromised in the attack, but up until this point, the company hadn’t specified how that had happened. “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter said in a tweet from its support account.
By obtaining employee credentials, they were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts - Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.— Twitter Support (@TwitterSupport) July 31, 2020
Twitter also reiterated that the attackers targeted 130 accounts, tweeted from 45, and accessed the direct messages of 36, but lowered the number of accounts that had their Twitter data downloaded (which would have also included direct messages) from “up to 8” to 7.
Twitter limited features and locked accounts for some users in the immediate aftermath of the attack. While many features have come back, “some features (namely, accessing the Your Twitter Data download feature) and processes have been impacted,” Twitter said in its blog post. The company also said it has “significantly limited” access to its internal tools for the moment and is “improving our methods for detecting and preventing inappropriate access to our internal systems.”
We’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.— Twitter Support (@TwitterSupport) July 31, 2020
During the attack, hackers tweeted a bitcoin scam from the Twitter accounts of President Barack Obama, Democratic presidential candidate Joe Biden, Tesla and SpaceX CEO Elon Musk, Microsoft co-founder Bill Gates, and more. The FBI has launched an investigation into the attack.