In mid-July, the accounts of Elon Musk, Bill Gates, Joe Biden, Barack Obama, Kanye West, and many others were taken over to promote a cryptocurrency scam.
Twitter said that the entire system was targeted, rather than any specific account.
Now, it has confirmed that a “phone spear phishing attack” was used to target a small number of employees.
Spear phishing is when malicious individuals deceive victims into thinking they are someone they’re not, in order to gain personal information – in this case account management tools.
The attackers used the credentials of some Twitter employees to access internal systems and gain information about its “processes”, which then gave them the ability to target more employees who did have access to account support tools.
“The attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7”, Twitter said.
“We will provide a more detailed technical report on what occurred at a later date given the ongoing law enforcement investigation and after we’ve completed work to further safeguard our service.”
This report suggests a different narrative from the one Motherboard reported at the time of the hack, which suggested that an individual paid a Twitter employee for access.
Motherboard apparently spoke to the hackers responsible on the condition of anonymity. Twitter refused to comment in response to questions on that aspect of the hack.
The aim of the hackers seemed to be simply financial, encouraging users to donate towards a bitcoin address.
Reports also suggested there was a series of hidden messages in the transactions.
The message stated: “Just Read All/Transaction Outputs As Text/You Take Risk When Use Bitcoin/For Your Twitter Game/Bitcoin is Traceable/Why Not Monero”.
Monero is a cryptocurrency with more privacy features than Bitcoin, so it could be that the hackers were hoping to direct more people towards the currency.
While the Twitter hack is arguably the worst in its history, it could have had even greater repercussions.
Control over Joe Biden’s and Barack Obama’s accounts could have seriously disrupted narratives about the legitimacy of the November 2020 presidential election, something President Trump is already attempting.
Similarly, control of Bill Gates’s, Jeff Bezos’s, and Apple’s accounts could have sent ripples through the technology industry – especially before the technology CEOs were set to be interviewed by Congress.