The hackers behind this month’s epic Twitter hack targeted a small number of employees through a “phone phishing attack,” the social networking site said Thursday night. When the stolen credentials of those employees did not give access to the account support tools, the hackers turned to additional workers who had the permissions needed to use those tools.
“This attack was based on a significant and concerted attempt to trick certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter officials wrote in a post. “This was an amazing reminder of the importance of each person on our team in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”
Thursday’s update also revealed that the hackers downloaded the personal data of seven of the accounts, but it did not say which ones.
The post was the latest update on the investigation into the July 15 hack that hijacked accounts belonging to some of the world’s best-known celebrities, politicians, and executives and made them tweet links to Bitcoin scams. A small sampling of the account holders included former Vice President Joe Biden, philanthropist and Microsoft co-founder and former CEO Bill Gates, Tesla CEO Elon Musk, and pop star Kanye West.
It took hours for Twitter to return control of accounts to their rightful owners. In some cases, hackers regained control of the accounts even after they had been recovered, resulting in a tug-of-war between intruders and company employees.
Hours after containing the breach, Twitter said the incident was the result of losing control of its internal administrative systems to hackers who paid, tricked, or coerced one or more company employees. Company officials have provided regular updates since then. The most recent came last week, when Twitter said the hackers used their access to read private messages from 36 of the hijacked accounts and that, for up to 130 affected accounts, they could see phone numbers and other personal information displayed by the internal tools.
Free rein for employees
Critics said the incident showed that Twitter had not put in place proper controls to prevent confidential user information from falling into the hands of insiders or of outsiders who compromise them. Twitter has promised to investigate how outsiders gained access to sensitive internal systems and to take steps to prevent similar attacks in the future.
Thursday’s update provided more color on how the internal systems and account tools work. It said:
A successful attack required attackers to gain access to both our internal network and the specific credentials of employees that granted them access to our internal support tools. Not all employees who were initially attacked had permissions to use account management tools, but attackers used their credentials to access our internal systems and obtain information about our processes. This knowledge allowed them to target additional employees who had access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter data of 7.
The update says that since the attack, the company has “significantly” limited employees’ access to internal tools and systems while the investigation continues. The restrictions mainly affect a feature that allows users to download their data from Twitter, but other services will also be temporarily limited.
“We will be slower to respond to the needs of account support, reported Tweets and applications to our developer platform,” said the update. “We are sorry for the delays this causes, but we believe that it is a necessary precaution as we make lasting changes to our processes and tools as a result of this incident. We will gradually resume our normal response times when we are confident that it is safe to do so. Thank you for your patience as we work on this.”
Thursday night’s post also said the company is accelerating unspecified “pre-existing security workflows and improvements to our tools” and prioritizing security work across multiple teams. Twitter is also improving its ways of detecting and preventing “inappropriate” access to internal systems.
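The attack pattern the post describes (a support-tool operator touching many high-profile accounts in minutes, changing account details and exporting data without a matching support case) is exactly what audit-log detection on internal admin tools is meant to catch. As an added illustration, not code from Twitter or from the article, here is a small Python check over constructed audit events from a hypothetical account-support tool. The log format, the field names (op, action, target, ticket), the sensitive-action list and the thresholds are all assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample audit events for a hypothetical internal support tool.
# The line format and field names are assumptions for this example, not
# Twitter's real log format. "ticket=-" means no support case was attached.
SAMPLE_LOG = """\
2020-07-15T20:01:12Z op=alice action=view_account target=@user1 ticket=T-101
2020-07-15T20:09:30Z op=alice action=change_email target=@user1 ticket=T-101
2020-07-15T20:05:10Z op=bob action=view_account target=@celeb1 ticket=-
2020-07-15T20:05:40Z op=bob action=view_account target=@celeb2 ticket=-
2020-07-15T20:06:02Z op=bob action=view_account target=@celeb3 ticket=-
2020-07-15T20:06:30Z op=bob action=view_account target=@celeb4 ticket=-
2020-07-15T20:07:15Z op=bob action=change_email target=@celeb1 ticket=-
2020-07-15T20:08:01Z op=bob action=export_data target=@celeb1 ticket=-
2020-07-15T20:11:45Z op=carol action=view_account target=@user7 ticket=T-140
"""

# Actions that expose or take over an account; assumed list for the example.
SENSITIVE_ACTIONS = {"change_email", "reset_2fa", "export_data", "view_dm"}
WINDOW = timedelta(minutes=10)   # sliding window for the velocity rule
MAX_TARGETS = 3                  # more distinct accounts than this per window is suspicious


def parse_event(line):
    """Parse one 'ts key=value ...' line into a dict; None for blank lines."""
    parts = line.split()
    if not parts:
        return None
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    event = {"ts": ts}
    for kv in parts[1:]:
        key, _, value = kv.partition("=")
        event[key] = value
    return event


def sensitive_without_ticket(events):
    """Rule 1: a sensitive action performed with no support case attached."""
    return [
        ("sensitive_without_ticket", e["op"], f'{e["action"]} {e["target"]}')
        for e in events
        if e["action"] in SENSITIVE_ACTIONS and e.get("ticket", "-") == "-"
    ]


def lookup_velocity(events, window=WINDOW, max_targets=MAX_TARGETS):
    """Rule 2: one operator touching too many distinct accounts inside the window.

    Emits at most one alert per operator, at the first event that crosses the threshold.
    """
    by_op = defaultdict(list)
    for e in events:
        by_op[e["op"]].append(e)
    alerts = []
    for op, evs in by_op.items():
        evs.sort(key=lambda e: e["ts"])
        for i, cur in enumerate(evs):
            recent = {e["target"] for e in evs[: i + 1] if cur["ts"] - e["ts"] <= window}
            if len(recent) > max_targets:
                alerts.append(("lookup_velocity", op, f"{len(recent)} accounts within {window}"))
                break
    return alerts


def detect(log_text):
    """Run both rules over a log and return (rule, operator, detail) tuples."""
    events = [e for e in map(parse_event, log_text.splitlines()) if e]
    return sensitive_without_ticket(events) + lookup_velocity(events)


if __name__ == "__main__":
    for rule, op, detail in detect(SAMPLE_LOG):
        print(f"{rule}: operator={op} {detail}")
```

On the constructed log, only operator bob trips the rules: two sensitive actions without a ticket and four distinct accounts viewed in under two minutes. Alice's email change is tied to case T-101 and stays quiet, which is the point: the control should bind every privileged action to a justification, not simply grant or deny the tool as a whole.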