Twitter attack has shed some light on the unprecedented attack on Wednesday that resulted in numerous takeovers of high-profile accounts including those of President Barack Obama, Democratic candidate Joe Biden, and Tesla CEO Elon Musk. during a series of tweets posted tonight under its support channel, Twitter said that its internal systems were compromised by the hackers, confirming theories that the attack couldn’t are conducted without access to the company’s own tools and employee privileges.
“We detected what we believe to be a coordinated social engineering attack by people that successfully targeted a number of our employees with access to internal systems and tools,” the primary tweet during a multi-tweet explainer thread reads. “We know they used this access to require control of the many highly-visible (including verified) accounts and Tweet on their behalf.”
It seems as if Twitter is acknowledging here that numerous people appear to possess been involved within the hacks, not only one individual, and also that numerous employees were compromised, too.
Twitter doesn’t elaborate on what tools the hack accessed or how precisely the attack was administered , but Motherboard reported earlier today that various underground hacking circles are sharing screenshots of an indoor company admin tool allegedly wont to conduct the account takeovers, potentially by resetting account email accounts then recovering passwords.
Twitter attack – reveals that its own employee tools contributed to unprecedented attack
In an update to its investigation on the hack, Motherboard now says it’s talked to hackers who say they paid a Twitter employee to vary the e-mail addresses of popular accounts using the interior tool in order that they might then take hold of them.
Motherboard also shared a number of the screenshots of the interior tool allegedly at the middle of the hacks, including one here during which Motherboard redacted sensitive account info. Twitter is reportedly suspending accounts that share the screenshots and manually removing them for violating its rules.
A screenshot of the interior Twitter admin tool allegedly at the middle of Wednesday’s unprecedented attacks that has been circulating among hacker communities, consistent with Motherboard. Image: Motherboard
It is not clear if this is often definitely how the attack was carried out; Twitter won’t say for now. But the near-simultaneous account takeovers of variety of sensitive Twitter accounts — including those of presidential candidates and people with two-factor authentication enabled — suggest the attackers didn’t simply exploit individual account owners and had at the very least indirect access to employee tools.
The company says it’s currently investigating “what other malicious activity they’ll have conducted or information they’ll have accessed and can share more here as we’ve it.” It’s theoretically possible that attackers may have had access to non-public direct messages, as an example .
Those liable for the attack seemed to use the account takeovers as how to market a bitcoin scam, one that resulted in people sending nearly $120,000 worth of the cryptocurrency to the digital wallet address listed in nearly all of the tweets, blockchain records show.
“Twitter says the hackers targeted its employees for access to internal systems”
But as Twitter alludes to, there could alright are ulterior motives at play beyond just a cryptocurrency scam, and political and business accounts may have had sensitive information gleaned from those private messages and other account info.
Twitter will now likely face serious questions on its internal security precautions and therefore the protections it’s in situ to stop this from ever happening again or from leading to much more catastrophic consequences within the future. It’s quite possible Twitter will find itself facing government inquiries and investigations.
Twitter says that when it became conscious of the unfolding situation, it “immediately locked down the affected accounts and removed Tweets posted by the attackers.” It also took the unprecedented step of disabling the power for verified accounts to send new tweets.
“This was disruptive, but it had been a crucial step to scale back risk. Most functionality has been restored but we may take further actions and can update you if we do,” the update reads. “We have locked accounts that were compromised and can restore access to the first account owner only we are certain we will do so securely.” Twitter also says that it’s taken steps internally to “limit access to internal systems and tools while our investigation is ongoing.”