This is how Twitter was hacked
This is how Twitter was hacked
Security

This is how Twitter was hacked

By Marco Cavicchioli - 31 Jul 2020

Chevron down

Twitter has published an official update that explains the way it was hacked on July 15th

It is a partial overview of what happened, using the information collected so far. Twitter promises to publish a detailed technical report at a later date, following investigations conducted by law enforcement, and after completing work to raise the level of security of the service. 

The partial report confirms that it was a social engineering attack on a limited number of employees of the company, launched through telephone phishing.  The attack allowed the attackers to gain access to both the platform’s internal network and the specific credentials of some employees thanks to which they had access to internal support tools. 

Once they entered the internal systems, they obtained information about company processes and turned their focus to other employees with access to account support tools. Thanks to their credentials, they were able to access 130 accounts

Therefore, this was an issue related to the security of employee access levels

With a team spread around the world to offer account support services, employees use proprietary tools to assist users and review content according to platform rules. 

Access to these tools is strictly limited, but the attack was based on an organized attempt to trick some employees and exploit their vulnerabilities to gain access to internal systems. 

In other words, the vulnerable link in the security system has been, as is often the case, the human one

Twitter hacked, how the platform is intervening

The company now claims to have significantly limited access to internal tools and systems, and as a result, some features are limited. This will result in slower responses to support requests, reported tweets and applications. 

For the time being, it is not known when all functionalities will be fully restored. 

Twitter also says they are improving methods to detect and prevent inappropriate access to internal systems and to prioritize the safe work of their teams. In addition, training drills will continue to be organized at the corporate level to learn how to defend against phishing.

Due in part to the Coronavirus emergency, Twitter, and many other companies, are in fact constrained to rely more and more on remote working, the so-called smart working, and this implies the use of internal tools that can be accessed remotely

Therefore, the problem suffered by this platform due to this hack could happen again

Marco Cavicchioli
Marco Cavicchioli

Class 1975, Marco teaches web-technologies and is an online writer specializing in cryptocurrencies. He founded ilBitcoin.news, and his YouTube channel has more than 11 thousand subscribers.

We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.