Twitter has confirmed that the major account takeover it suffered was the result of a spear-phishing attack. In an update to its previous statement, Twitter revealed that on July 15 a small number of employees were targeted through a phone spear-phishing attack. The attack allowed the attackers to gain access to both the internal network and specific employee credentials, which in turn gave them access to internal support tools.
Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts. They were able to Tweet from 45 of those accounts, access the DM inbox of 36, and download the Twitter data of seven. Some of the high-profile accounts briefly hijacked during the attack belonged to Jeff Bezos, Bill Gates, Barack Obama, Joe Biden, Elon Musk and Kanye West, alongside corporate accounts such as Apple, Bitcoin and Coinbase.
Following the attack, Twitter has limited access to its internal tools and systems while it completes its investigation. It is also investing in additional security protocols and techniques to prevent future attacks, and is working to improve its methods for detecting and preventing unauthorized access to its internal systems.
Stuart Reed, UK director at Orange Cyberdefense, emphasized the importance of a layered approach to cybersecurity, involving people, processes, and technology. He highlighted the need for employee awareness and education in maintaining good data hygiene, as cybersecurity is a shared responsibility across an organization.
As organizations continue to face evolving cybersecurity threats, it is crucial to prioritize security measures and empower employees with the knowledge and tools to protect against social engineering attacks like the one that targeted Twitter. By implementing robust security measures and fostering a culture of cybersecurity awareness, organizations can mitigate risks and safeguard their digital assets.