Image credit: Mike Blake / Reuters

Twitter pins its July 15th breach on a phone spear phishing attack

Attackers gained access to admin tools to target 130 accounts.
Richard Lawler, @Rjcc
July 30, 2020

The Twitter App loads on an iPhone in this illustration photograph taken in Los Angeles, California, U.S., July 22, 2019. REUTERS/Mike Blake

Two weeks after a massive breach saw hackers take over some of the most prominent accounts on Twitter — including Barack Obama, Elon Musk, Joe Biden and Bill Gates — the company has published more details about how it happened. While a number of people from the “OGUsers” gray market forum provided details about a “Kirk” who was the source of access to internal tools, it was unclear how they came by that access in the first place.

Image: Joe Biden hacked tweet (Twitter)

According to Twitter, the answer is a phone spear phishing attack that targeted a “small number” of employees who did not all have access to management tools. However, attackers then “used their credentials to access our internal systems and gain information about our processes.” Twitter didn’t confirm a report that the access came from finding logins for the admin tool in a Slack channel, but it didn’t quite rule that out either, nor did it provide any clarity about who may have been behind the initial attack.

Twitter also released more details about what the attackers did with that access — targeting 130 accounts, tweeting from 45, accessing the DM inboxes of 36 and copying account data from 7. In response to the breach, Twitter said “We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.” A more detailed report on what happened is now promised at a later date, pending the ongoing security improvements and law enforcement investigations.
