Twitter has finally given an update on the recent cryptocurrency scam and breach on its platform. The recent hijacking attacks affected several high-profile accounts, including those of former President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple. The hijacking was part of a cryptocurrency scam which led to a phishing website, CryptoForHealth, and gave the hijackers almost $120,000 in bitcoin.
In its recent update, Twitter said the investigation into the incident is still ongoing and summarized the details found so far. According to the company, the attackers accessed internal tools, including two-factor authentication, by manipulating a small group of employees. Twitter quickly restricted tweeting and password resets for many accounts, which it eventually restored after a few hours.
According to the company:
- Hackers interacted with 130 different accounts on Twitter
- Attackers had enabled password reset and logged in to the accounts to send tweets.
- For almost eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool, a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. Twitter is trying to reach out directly to any account owner where they know this to be true.
- None of the eight were verified accounts.
- Attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
- Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools.
- In cases where an account was taken over by the attacker, they may have been able to view additional information. Twitter's forensic investigation of these activities is still ongoing.
- Twitter said it believes hackers also tried to sell access to some hijacked Twitter accounts.
According to the company, Twitter's next steps are restoring access for account owners who may be locked out, further securing its systems to prevent future attacks, and rolling out additional company-wide training to guard against social engineering tactics, supplementing the training employees receive during onboarding and the ongoing phishing exercises held throughout the year.
Twitter is also continuing the investigation of the incident along with law enforcement.