Hackers who penetrated social media platform Twitter’s systems a week or so in the past, did so by compromising its workers’ smartphones, the corporate stated in a blog publish at the moment. The publish, which is a part of Twitter’s ongoing disclosure about investigations into the attack, stated the hackers focused a “small variety of workers” by a phone spear phishing attack. Such an attack is just like traditional phishing attacks, and is done by emails, text messages and more.
Further, the corporate stated that not all workers who had been initially focused had permissions to the corporate’s and account support tools, however the hackers used this to compromise Twitter’s network and achieve details about its systems. “This data then enabled them to focus on additional workers who did have entry to our account support tools,” the post added. Using these credentials, the hackers then compromised 130 Twitter accounts, together with high profile individuals like Elon Musk, Bill Gates, Barack Obama and more.
The firm stated it has “significantly restricted access” to its inside tools and methods since the hack until it completes the investigation. Users won’t be able to access the Your Twitter Data tool to obtain their private data from Twitter until then, the corporate stated. The hackers had used this device on eight non-verified accounts to steal their data, the corporate had stated in earlier investigations.
“We shall be slower to reply to account support needs, reported tweets, and applications to our developer platform,” Twitter added in its post. The company said it’s a “necessary precaution” until it finishes the investigation into the hack. “We will regularly resume our normal response times once we’re assured it’s secure to take action,” the corporate stated.
Hackers had compromised Twitter’s systems on July 15, operating a bitcoin scam through access to its internal tools. The attackers had been in a position to swindle cryptocurrency worth approximately by $120,000 by posting from high profile individuals’ accounts, asking individuals to send bitcoin to a wallet and claiming that these individuals would double it.