Twitter has published an official update that explains the way it was hacked on July 15th.
It is a partial overview of what happened, using the information collected so far. Twitter promises to publish a detailed technical report at a later date, following investigations conducted by law enforcement, and after completing work to raise the level of security of the service.
The partial report confirms that it was a social engineering attack on a small number of the company's employees, carried out through telephone phishing. The attack gave the attackers access both to the platform's internal network and to the credentials of certain employees, with which they were able to reach internal support tools.
Once inside the internal systems, they gathered information about company processes and turned their focus to other employees with access to account support tools. Using those employees' credentials, they were able to access 130 accounts.
Therefore, this was an issue related to the security of employee access levels.
With a team spread around the world to offer account support services, employees use proprietary tools to assist users and review content according to platform rules.
Access to these tools is strictly limited, but the attack relied on an organized attempt to deceive some employees and exploit their human vulnerabilities to gain access to internal systems.
In other words, the weak link in the security system was, as is often the case, the human one.
Twitter hacked: how the platform is responding
The company now says it has significantly restricted access to internal tools and systems, and as a result some features are limited. This will mean slower responses to support requests, reported tweets and applications.
For the time being, it is not known when all functionalities will be fully restored.
Twitter also says it is improving its methods for detecting and preventing inappropriate access to internal systems, and is prioritizing security work across its teams. In addition, training drills will continue to be organized at the corporate level to teach staff how to defend against phishing.
Due in part to the Coronavirus emergency, Twitter and many other companies have in fact been forced to rely more and more on remote working, the so-called smart working, and this implies the use of internal tools that can be accessed remotely.
For that reason, the kind of compromise this platform suffered in this hack could happen again.