
Twitter said the attackers behind this month’s hack took control of high-profile accounts after stealing passwords from Twitter employees as part of a July 15, 2020 phone spear phishing attack.

The phone-based social engineering attack, according to the company, allowed the attackers to obtain passwords from a small group of employees, which in turn gave them access to Twitter’s internal network and support tools.

“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes,” Twitter said.

“This knowledge then enabled them to target additional employees who did have access to our account support tools.”

With the stolen employee passwords, the hackers were able to log in to the accounts tied to Twitter’s internal support software. The attackers targeted a total of 130 Twitter accounts, tweeting from 45 of them, accessing 36 direct messages (including Dutch House of Representatives member Geert Wilders’ inbox), and downloading the Twitter data for 7 accounts.

The hackers used the accounts they took over following the phone spear phishing attack to drive a Bitcoin scam that filled their crypto-wallets with bitcoins worth roughly $120,000.

Twitter says that it has “significantly” limited employees’ access to its internal systems and support tools during the ongoing investigation, and that it expects response times for some user reports and support needs to be slower until normal operations resume.

More than 1,000 Twitter contractors and employees had access to the company’s internal resources prior to the attack, according to a Reuters article.

Twitter is also improving the methods it uses to detect and prevent unauthorized access to internal networks on Facebook, and is running company-wide phishing drills to deter potential hacking attempts.

“This was a striking reminder of how important each person on our team is in protecting our service,” Twitter said. “We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.”

Twitter said in earlier reports that it had found no evidence that the scammers gained access to the passwords of the affected accounts, and that those passwords would therefore not be reset.

Rather, the attackers reset the passwords for the 45 accounts used to execute the Bitcoin scam, and then logged in to those accounts to deliver their scam messages.

The company also reported that the scammers may have attempted to sell some of the accounts they took over.