The attack on Twitter discussed in recent weeks was the result of human error: some company employees handed over credentials for internal systems to people who then used them for illicit purposes, namely taking control of the Twitter accounts of well-known personalities and using them to run scams against unsuspecting users. The messages sent from the compromised accounts asked for payments in Bitcoin, promising that double the amount would be returned.
There is the mitigating circumstance that the mistake made by a small number of employees was induced through a telephone phishing technique. Twitter describes what happened only in broad terms, underlining that a deliberate attempt to mislead certain employees and exploit human weaknesses in order to gain access to internal systems has been established.
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.
– Twitter Support (@TwitterSupport) July 31, 2020
Twitter does not say exactly how it was possible, but it is quite clear that personal data was not taken without the staff's knowledge; rather, the information was handed over voluntarily, otherwise Twitter would not have used the term phishing, which presupposes the cooperation of the victim. It is plausible, for example, that the attacker concealed his identity by passing himself off as a colleague or as security staff.
The new update on the state of the investigation also contains a final tally of the damage caused by the hackers:
- 130 accounts were targeted
- Fake tweets were sent from 45 accounts
- There was unauthorized access to the direct message inboxes of 36 accounts
- Data was downloaded without authorization from 7 accounts
Twitter has already stated that, after the incident, it significantly reduced access to the tools that allow staff to act on user accounts, and that it has begun a further effort to improve its methods for detecting and preventing unauthorized access to internal systems. The story captured media attention both because some of the scam attempts actually succeeded – it is estimated that the fake messages were followed by payments totalling 110,000-120,000 dollars – and because the Twitter accounts of well-known politicians were also involved (and the hypothesis that their direct messages are also in the hands of the hackers is not reassuring). The FBI continues to investigate the case.
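The kind of detection Twitter says it is improving can be illustrated with a small audit-log check. This is an added example, not Twitter's code: it assumes a hypothetical internal support tool whose audit log records one line per action (timestamp, operator, action, target account) and flags any operator whose sensitive actions touch an unusual number of distinct accounts within a short window, the pattern a stolen staff credential produces when it is used against many accounts in one sitting.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines from an assumed internal support tool; format: ISO timestamp, operator, action, target.
SAMPLE_LOG = """\
2020-07-15T20:01:10 op_alice password_reset @acct_a
2020-07-15T20:02:05 op_alice email_change @acct_a
2020-07-15T20:03:40 op_alice email_change @acct_b
2020-07-15T20:04:12 op_alice email_change @acct_c
2020-07-15T20:05:50 op_alice email_change @acct_d
2020-07-15T20:06:02 op_alice email_change @acct_e
2020-07-15T20:07:30 op_alice email_change @acct_f
2020-07-15T21:10:00 op_bob view_profile @acct_z
2020-07-15T22:00:00 op_bob password_reset @acct_y
"""

# Actions that let an operator take over an account (assumed action names).
SENSITIVE = {"password_reset", "email_change", "mfa_disable"}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (@\S+)$")

def parse(log_text):
    """Parse audit lines into (timestamp, operator, action, target) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than fail the whole run
        ts, operator, action, target = m.groups()
        events.append((datetime.fromisoformat(ts), operator, action, target))
    return events

def flag_bulk_account_takeover(events, max_targets=3, window=timedelta(minutes=10)):
    """Return {operator: set(targets)} for operators whose sensitive actions
    touched more than max_targets distinct accounts inside any sliding window."""
    per_op = defaultdict(list)
    for ts, op, action, target in events:
        if action in SENSITIVE:
            per_op[op].append((ts, target))
    flagged = {}
    for op, items in per_op.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            targets = {t for ts, t in items[i:] if ts - start <= window}
            if len(targets) > max_targets:
                flagged[op] = flagged.get(op, set()) | targets
    return flagged

if __name__ == "__main__":
    hits = flag_bulk_account_takeover(parse(SAMPLE_LOG))
    for op, targets in hits.items():
        print(f"ALERT {op}: sensitive actions on {len(targets)} accounts in 10 min")
```

In the constructed log, op_alice's six account changes within ten minutes trip the threshold while op_bob's routine activity does not.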