Hello dear readers, and welcome to the latest and greatest from VideoBytes: a brand new, video feature that we announced just yesterday.
On our debut post today, we’re talking to you about the Twitter hack, in which hackers accessed the Twitter accounts of 130 high profile figures, like Barack Obama, Joe Biden and Elon Musk by gaining access to an employee administrative panel.
Watch on to learn all about it! Or, as our esteemed host always says: Sit back, relax, here come the facts.
(And a quick note to our readers: For just a couple of days, you may see a YouTube title that doesn’t mention “VideoBytes.” Do not worry, there is nothing wrong with your … er, television set? That’s us, updating our videos as we move along.)
The hackers called Twitter employees on their phones and tricked them into handing over their passwords. Basically, they used some simple social engineering. They accomplished this by calling a lot of people and eventually obtaining a few passwords for accounts with fewer accesses. The attackers then worked their way into compromising accounts with more accesses and reset the passwords for 45 of the targeted accounts and logged in.
According to Twitter, 130 total accounts were targeted, 45 of them had tweets sent by attackers, 36 accounts had their direct messages accessed and a few accounts had their Twitter data archive downloaded. Yikes.
The tweets sent by the attackers using the hijacked accounts all pointed to a bitcoin gathering scam. Each tweet claimed that the user was “giving back” by sending people double the bitcoin they put into a wallet. If that immediately sounds too good to be true, well, it was.
The cryptocurrency wallet set up by the hackers collected about $120,000 worth of bitcoins. Interestingly enough, it could have been a lot more, but Coinbase, the US-based cryptocurrency exchange, blacklisted the bitcoin address for the hackers’ wallet. The exchange company therefor prevented almost 1000 users from getting scammed and sending bitcoin worth approximately $280,000 over to the hackers. Good work.
In response to this attack, Twitter blocked all accounts involved from tweeting for 3 hours while they cleaned it up.
To reduce the chance of it happening again, Twitter admins are also significantly limiting employee access to internal systems during the investigation and improving tools to identify unauthorized access to their internal systems.
Finally, Twitter is rolling out company-wide phishing training.
The administrative tools the hackers gained access to could disable two-factor authentication. So, victims had no chance of preventing their accounts from being hijacked. It was an unfortunate, but thankfully not devastating, lesson for the social media company.
The post VideoBytes: Twitter gets hacked! appeared first on Malwarebytes Labs.