Twitter has acknowledged that hackers used its internal tool for the hack leading to a crypto scam that tricked hundreds worldwide.
Yesterday, Hackread.com reported a ‘tricky’ new crypto scam in which hackers gained control of verified Twitter accounts. The compromised accounts then tweeted asking people to send cryptocurrency, promising it would be doubled and returned immediately.
The compromised accounts belonged to popular companies and personalities, Kanye West among them.
Image: Kanye West’s hacked Twitter account
According to the latest reports, a Twitter employee was responsible for the account takeovers that swept across the internet.
Two sources involved in the account takeovers told Motherboard that they used a Twitter representative to hijack verified accounts. The hackers allege that the rep did all the work for them and that they paid him for his services.
Officially, however, Twitter is still investigating the matter and trying to determine whether the employee hijacked the accounts himself or allowed the hackers to access them. What is confirmed is that the accounts were hijacked using an internal tool.
Twitter also posted an official statement to address the attack stating that:
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter wrote in the first tweet of a multi-tweet explainer thread.
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweets on their behalf,” said Twitter.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
Motherboard also shared screenshots of Twitter’s internal tools allegedly used by the hackers in the incident. One screenshot shows Binance’s panel and account, and others reveal that some accounts were compromised simply by changing the associated email address through the tool.
The incident is a reminder that malicious insiders are a growing concern for the tech industry. When big firms allow insiders broad access to critical data and account controls, it can cause all sorts of trouble for the company, including reputational damage.
Comments from experts:
With any compromise, the targeted business risks losing user trust. The recent Twitter compromise is a prime example of how proactive employee training can be one of the best defenses against malicious actors, said Logan Kipp, Director at SiteLock.
Cybercriminals were able to access the high-profile accounts by tricking employees, via a “coordinated social engineering attack,” into giving up their credentials. Twitter, and any business with troves of data, passwords, etc., needs to make security awareness training a top priority to better protect its people and users’ data against cyberattacks, Kipp advised.
“Training staff on being an effective human firewall is more critical than it has ever been. Employees are often the first line of defense and if they don’t know how to spot common attack methods like spear phishing, smishing, and whaling, cybercriminals will be quick to take advantage,” Kipp told Hackread.com.
Raif Mehmet, VP EMEA at Bitglass, said that “Twitter’s new work-from-home policy has clearly exposed information required by hackers to infiltrate key systems. A Zero Trust CASB solution with multifactor authentication and SSO is essential to prevent these types of attacks when employees are accessing a labyrinth of both sanctioned and unsanctioned SaaS applications. Visibility alone into user activity is essential if forensics is to pinpoint the root cause.”
Seems to me like they used the internal tool to change the associated email address, and then reset the password to gain control of the account. This is the experience of people I spoke to who had their accounts compromised today
— William Turton (@WilliamTurton) July 16, 2020
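The takeover sequence the reports describe (recovery email changed through the internal tool, then a password reset sent to the new address) leaves a correlatable trail in the tool’s own audit log. The Python below is an added example, not code from the original article or from Twitter’s tooling: it runs a simple chain detection over constructed audit events, pairing each support-tool email change with a password reset on the same account inside a time window and flagging agents whose access produced repeated chains. The log format, field names, account handles, verified-account list and 30-minute window are all assumptions.

```python
"""Detect the 'email change via internal tool -> password reset' takeover
pattern in a support tool's audit log.

Added example, not Twitter's code. The event format, field names and the
sample events below are constructed for illustration only.
"""
from collections import Counter
from datetime import datetime, timedelta

# Constructed audit events from a hypothetical internal support tool:
# (timestamp, actor, action, target_account, detail). Not real log data.
SAMPLE_EVENTS = [
    ("2020-07-15T20:01:10Z", "agent_17", "email_change",   "@exchange_a",  "new=x1@mail.example"),
    ("2020-07-15T20:03:42Z", "self",     "password_reset", "@exchange_a",  "via=email"),
    ("2020-07-15T20:05:05Z", "agent_17", "email_change",   "@celebrity_b", "new=x2@mail.example"),
    ("2020-07-15T20:06:30Z", "self",     "password_reset", "@celebrity_b", "via=email"),
    # A legitimate support case: email fixed, owner resets hours later.
    ("2020-07-15T20:40:00Z", "agent_03", "email_change",   "@smallbiz_c",  "new=owner@smallbiz.example"),
    ("2020-07-15T23:15:00Z", "self",     "password_reset", "@smallbiz_c",  "via=email"),
]

# Assumed set of verified (high-visibility) accounts.
VERIFIED_ACCOUNTS = {"@exchange_a", "@celebrity_b"}


def parse_events(rows):
    """Turn raw tuples into dicts with a parsed UTC timestamp, sorted by time."""
    parsed = []
    for ts, actor, action, account, detail in rows:
        parsed.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "actor": actor,
            "action": action,
            "account": account,
            "detail": detail,
        })
    return sorted(parsed, key=lambda e: e["time"])


def find_takeover_chains(events, window=timedelta(minutes=30),
                         verified=VERIFIED_ACCOUNTS):
    """Pair each support-tool email change with the first password reset on
    the same account inside `window`. Returns one alert dict per pair."""
    alerts = []
    for i, ev in enumerate(events):
        if ev["action"] != "email_change":
            continue
        for later in events[i + 1:]:
            if later["time"] - ev["time"] > window:
                break  # events are sorted, nothing later can match
            if later["account"] == ev["account"] and later["action"] == "password_reset":
                alerts.append({
                    "account": ev["account"],
                    "agent": ev["actor"],
                    "seconds_to_reset": int((later["time"] - ev["time"]).total_seconds()),
                    "verified": ev["account"] in verified,
                })
                break
    return alerts


def agents_with_repeated_chains(alerts, threshold=2):
    """Agents whose tool access produced `threshold` or more chains. Repeated
    chains point at an insider or a hijacked employee session rather than a
    one-off support case."""
    counts = Counter(a["agent"] for a in alerts)
    return sorted(agent for agent, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    chains = find_takeover_chains(parse_events(SAMPLE_EVENTS))
    for alert in chains:
        print(alert)
    print("repeat agents:", agents_with_repeated_chains(chains))
```

With the default 30-minute window the two rapid chains on verified accounts are flagged and attributed to the same agent, while the slow legitimate case is not; widening the window to several hours pulls the third case in as well, which is the usual tuning trade-off for this kind of rule.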
It is worth noting that two former Twitter employees previously abused their access to user data to spy on users at the behest of the Saudi government.