Twitter said these employees had access to the company's internal tools, and that by attacking and taking control of their accounts the hackers gained access to its internal systems.
Twitter has made public the findings of its investigation into the recent high-profile bitcoin scam in a series of tweets and a blog post. Twitter has said that the accounts were breached by targeting a handful of the company’s employees through a phone spear phishing attack. Twitter further elaborated that these employees had access to the company’s internal tools, and that attacking and gaining control of their accounts gave the hackers access to the company’s internal systems.
“The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools,” Twitter said in its blog post detailing what the investigation has revealed so far.
Access to Twitter’s internal processes enabled the group of attackers to target more employees who had access to the company’s sophisticated tools, which ultimately helped them breach the safeguards of 130 Twitter accounts. The group of hackers then tweeted from 45 accounts, gained access to the direct messages of 36 Twitter accounts, and downloaded the data of 7 Twitter accounts.
Twitter laid the blame on human vulnerabilities, saying its employees were misled by the coordinated efforts of the attackers behind the breach of its internal systems.
Several big names, including Barack Obama, Joe Biden, Jeff Bezos, and Warren Buffett, saw their accounts compromised on July 15 in an apparent bid by the attackers to promote the Bitcoin scam. Twitter said that it has communicated directly with the people whose accounts were compromised and that the accounts that were locked during the correction process have now been made active. The company said that the investigation is still ongoing and that the attackers will be identified in collaboration with the appropriate authorities.