TWITTER DIT that hackers guilty of a recent high-profile breach have tricked social media company workers into handing them over the phone.
The company revealed more main points about the previous hack this month, which it said targeted “a small number of workers through a phishing phone attack.”
“This attack was based on a significant and concerted attempt to deceive some workers and exploit human vulnerabilities in gaining access to our internal systems,” the company tweeted.
The July 15 attack compromised the accounts of some of its top users, adding Tesla CEO Elon Musk and celebrities Kanye West and his wife, Kim Kardashian West, in an obvious way to lure their subscribers into sending cash to an unnamed Bitcoin account.
After stealing workers’ credentials and breaking into Twitter systems, hackers were able to target other workers who had access to the account tools, the company said.
The hackers attacked 130 accounts. They controlled tweeting from forty-five accounts, accessing 36 direct message inboxes, and downloading Twitter information from seven. Dutch anti-Islamic parliamentarian Geert Wilders said his inbox is among those consulted.
Spear-phishing is a more specific edition of phishing, an identity theft scam that uses email or other electronic communications to trick recipients into transmitting sensitive information.
Twitter said it would provide a more detailed report later “given the ongoing police investigation.”
In the past, the company stated that the incident was a “coordinated social engineering attack” targeted some of its workers with access to internal systems and tools.
It did not provide additional data on how the attack was carried out.
British cybersecurity analyst Graham Cluley said he assumed that a target Twitter worker or contractor had won a phone message asking him to call a number.
“When the employee called the number, they might have taken it to a convincing (but fake) support service operator, who could then use social engineering techniques to induce the target victim to turn over his identifying information,” Clulely wrote on his blog. Friday Array
It is also imaginable that the hackers claimed to have called from the company’s valid helpline by spoofing the number, he said.
Please note that TheJournal.ie uses cookies to your delight and to provide services and advertising. For more information about cookies, please see our cookie policy.
News photographs provided through the Press Association and Ireland Photocall, unless otherwise noted. Irish sports photographs provided through Inpho Photography, unless otherwise noted. Cable service provided through the Associated Press.
Journal Media is not and is not guilty of user-created content, posts, comments, submissions, or preferences. Users are reminded that they are completely guilty of their own created content and their own posts, comments and presentations and compensate Journal Media in full and well for this content and its ability to make such content, posts, comments and presentations available. Journal Media is not and is not guilty of the content of external websites.
Create an email alert about the existing article