Twitter believes that a targeted spear phishing attack allowed hackers to gain access to its internal systems on July 15, compromising several high-profile accounts. Several reports suggest that a malicious intruder could be responsible for the Twitter attack, but it now appears that the attackers tricked specific employees with access to account management tools into passing on their credentials. In a traditional phishing attack, criminals send out a mass fraudulent email in an attempt to collect as much login information as possible. However, in a spear phishing attack, hackers assume the identity of someone known to the targeted individual (for example, a manager or a friend), increasing the chances of success. “The July 15 attack targeted a small number of employees via a phone phishing attack. This attack was based on a significant and concerted effort to deceive certain employees and exploit human vulnerabilities to gain access to our internal systems," a Twitter support thread read. The social media company says it is exploring ways to protect against such attacks in the future and that you have limited access to internal tools and systems until normal operations can safely resume.
The Twitter hack affected 130 accounts in total, including those belonging to Bill Gates, Jeff Bezos, Barack Obama and other influencers. Hackers tweeted from 45 of these accounts, which were used to sell a cryptocurrency scam, accessing 36 direct messages and downloading data related to 7. “We give back to our community. We support Bitcoin and we think you should too! Any Bitcoin sent to our address below will be returned to you double! It will only last 30 minutes,” read a tweet posted on Apple's Twitter account, which was also hijacked. Similar messages were posted to all compromised accounts, winning scammers over €100,000 worth of bitcoins. However, the figure could have been much higher if the Coinbase cryptocurrency exchange had not blocked an additional €280,000 in payments to the wallet address. Twitter, for its part, immediately blocked all verified accounts (even those that weren't compromised) and also limited certain feature sets in an attempt to contain the incident. “We are speeding up many of our legacy security workflows and improving our tools. We are also improving our methods of detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams,” Twitter said. “It was a vivid reminder of the importance of each member of our team in protecting our service. We take this responsibility seriously, and everyone at Twitter is committed to protecting your information. "