Hackers who penetrated social media platform Twitter’s systems a week or so ago, did so by compromising its employees’ smartphones, the company said in a blog post today. The post, which is part of Twitter’s ongoing disclosure about investigations into the attack, said the hackers targeted a “small number of employees" through a phone spear phishing attack. Such an attack is similar to usual phishing attacks, and is done through emails, text messages and more.
Further, the company said that not all employees who were initially targeted had permissions to the company’s and account support tools, but the hackers used this to compromise Twitter’s network and gain information about its systems. “This knowledge then enabled them to target additional employees who did have access to our account support tools," the post added. Using these credentials, the hackers then compromised 130 Twitter accounts, including high profile individuals like Elon Musk, Bill Gates, Barack Obama and more.
The company said it has “significantly limited access" to its internal tools and systems since the hack till it completes the investigation. Users will not be able to access the Your Twitter Data tool to download their personal information from Twitter till then, the company said. The hackers had used this tool on eight non-verified accounts to steal their data, the company had said in earlier investigations.
“We will be slower to respond to account support needs, reported tweets, and applications to our developer platform," Twitter added in its post. The company said it’s a “necessary precaution" till it finishes the investigation into the hack. “We will gradually resume our normal response times when we’re confident it’s safe to do so," the company said.
Hackers had compromised Twitter’s systems on July 15, running a bitcoin scam through access to its internal tools. The attackers were able to swindle cryptocurrency worth approximately $120,000 by posting from high profile individuals’ accounts, asking people to send bitcoin to a wallet and claiming that these individuals would double it.