Twitter hack: Celebrity accounts accessed after employees fall for tech support scam


At the time of the July 15 attack, Twitter had no chief information security officer and suffered from poor internal security controls, the report concluded — calling for additional cybersecurity regulation of major tech platforms. Twitter didn’t immediately respond to a request for comment.

“In other industries that are deemed critical infrastructure, such as telecommunications, utilities, and finance, we have established regulators and regulations to ensure that the public interest is protected,” said the report from New York’s Department of Financial Services. “With respect to cybersecurity, that is what is needed for large, systemically important social media companies.”

The high-profile hack saw several celebrity accounts taken over by a bitcoin scam that promised victims a 100% return on their investments. In addition to Obama and Musk, the hackers were able to take over accounts belonging to Joe Biden, Kim Kardashian West, Uber and Apple, among others. As one of the nation’s top regulators of virtual currency, the Department launched its investigation into the attack shortly after it came to light. The report is based on subpoenas, witness interviews and documentary records.

Wednesday’s report said an unnamed 17-year-old hacker and several accomplices began calling Twitter employees pretending to offer help with the company’s VPN issues. The attack initially compromised at least one employee who did not have direct access to the celebrity accounts, but later expanded to include other employees who did have access. Aspects of the scam were reported last month by Wired.

“Since switching to remote working, VPN problems were common at Twitter,” the report said. “The Hackers then tried to direct the employee to a phishing website that looked identical to the legitimate Twitter VPN website and was hosted by a similarly named domain.”

The hackers used the fake website to steal the employee’s login credentials, the report said, then typed the stolen information into Twitter’s real administrative website, prompting a multi-factor authentication challenge. The hackers then asked for the security code over the phone to gain access to Twitter’s back end, according to the report. The hackers repeated the process for other employees.

Ultimately, the scheme produced a bitcoin scam that spread widely to millions of users and netted a haul of $118,000 worth of bitcoin, the report said.
