Twitter reveals how the Bitcoin scam really happened
A newly updated post mortem of the now-infamous Twitter hack confirms that employees were subject to a “phone spear phishing attack.”
This is a sophisticated form of phishing in which malicious actors target specific businesses or individuals using phone calls. During these calls, they may convince the victim to hand over passwords or other information used to access Twitter’s internal tools.
"The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack,” Twitter said in a tweet yesterday, adding, "This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems."
By obtaining employee credentials, they were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts - Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
— Twitter Support (@TwitterSupport) July 31, 2020
Twitter elaborated that after seizing employee credentials, the hackers targeted other staff members, eventually cracking into what's been dubbed "God Mode," aka Twitter's admin panel.
Twitter had only previously described the hacker's modus operandi as “social engineering,” without giving further details.
The platform reasserted that over 130 Twitter accounts were compromised, with hackers succeeding in Tweeting a Bitcoin phishing scam from 45 of those—including Barack Obama Elon Musk, Bill Gates, and Democratic presidential candidate Joe Biden.
It wasn't just Bitcoin they stole, either. Per Twitter, attackers gained access to the direct messages of 36 victims—downloading the personal data of seven individuals.
In the weeks since the attack, the scope of Twitter's security failings has come to light. Last week, it was reported that over 1,000 Twitter staff and even outside contractors had access to the platform's so-called "God Mode" administrative panel.
It was later revealed by Bloomberg that in 2017, and 2018 the contractors in question—who helped maintain the platform and respond to help-desk inquiries—employed bogus support tickets to snoop on the likes of Beyonce, tracking the popstar's geolocation data and other private information.
Twitter later disputed the allegations.
"We have no indication that the partners we work with on customer service and account management played a part here," a Twitter spokesperson told Bloomberg.
Both Twitter and the FBI continue to investigate what happened.