Twitter reveals new details of the hack

The Twitter hackers behind the breach gained access to the social network’s internal tools through phishing aimed at employees’ mobile phones. This is reported in the company’s blog.

The attack affected a small number of employees. Using their credentials, the attackers managed to breach the company’s internal system and obtain additional information.

Using this access, the hackers targeted other employees with access to the account-support tools. This allowed them to gain direct access to a number of accounts.

The hackers attacked 130 accounts, but were able to send messages from only 45. Personal messages from 36 accounts were compromised, and from 7 accounts all information was exfiltrated.

The company noted that access to tools for accessing user accounts is necessary to monitor platform rules. This access is held by a limited circle of employees.

Twitter emphasised that the company continually monitors the propriety of using these tools. The platform’s management pledged to strengthen this oversight to prevent similar attacks in the future.

On July 15, hackers compromised several Twitter accounts and posted messages about a fake Bitcoin giveaway.

The company said that the attackers were able to seize the accounts through a social-engineering attack targeted at employees with access to internal systems.

Subsequently, the platform said the attackers compromised 45 accounts of celebrities through password resets.

Earlier, former employees of the network said that access to user accounts was held by many employees.

Subscribe to ForkLog’s news on VK!