Twitter promises to add more training and security measures as the consequences of Wednesday’s large-scale hack continue on the social platform.
Twitter said in a statement that it will continue its investigation into the hack as it seeks to provide more company-wide security training against social engineering tactics. This will add to the cybersecurity training employees receive during onboarding and the ongoing phishing exercises.
Around 130 accounts were compromised on Wednesday when hackers took over major Twitter accounts in a Bitcoin hoax. Those compromised included Elon Musk, Kanye West, Bill Gates, former vice president and current presidential candidate Joe Biden, as well as various crypto companies such as Binance, Coinbase, BitFinex and Gemini.
“We are very aware of our responsibilities with the people who use our service and with society in general. We are ashamed, disappointed, and more than anything, sorry,” said Twitter. “We know that we must work to regain their trust, and we will support all efforts to bring those responsible to justice. We hope that our openness and transparency throughout this process, and the steps and work we will take to protect ourselves against other attacks in the future, are the beginning of doing this well.”
Twitter said hackers were able to see personal information such as email addresses and phone numbers, although the social media platform noted that previous account passwords were not accessed. Additional information from the accounts taken over by the hackers may also have been viewed.
A social engineering scheme
The attackers targeted employees, Twitter said, using schemes that intentionally manipulate people into carrying out certain actions and disclosing confidential information. Hackers used Twitter employee credentials to access internal systems, so even accounts with two-factor protections were compromised. This affected only 130 accounts, but hackers changed the passwords of 45 of those accounts. Some usernames may have been sold.
A New York Times report said the hackers were a group of youths and that they had planned the attack on a Discord server.
The forensic investigation into the hack continues, Twitter said, and the company is fully cooperating with police. Cointelegraph reported that Twitter had been searching for senior security engineers before the breach.
The hack has been seen as a wake-up call for centralized platforms. Some users even found hidden messages in some transactions. These transactions lead to wallets associated with Coinbase and BitPay.