Login to Twitter Accounts Accomplished With Classic Social Engineering Tactics
Threat actors successfully social engineered their way to login Twitter administrative areas. They used the access to take over 45 Twitter accounts last week. The hijacked accounts were quickly used in a cryptocurrency investment scam. The internal investigation is still ongoing.
Twitter attackers used social engineering to manipulate their way into gaining employee access to internal systems at Twitter. Social engineering is a form of a cyber attack where the threat actor works to learn as much information as possible about a target to increase the chances the scheme will work. For example, they may select a small group of employees at a company and collect information about their job titles, daily duties, and vendors they are familiar with. The attackers also collect contact information like email address and phone numbers. All of this information is taken from public websites like social media accounts and company websites. The threat actors use this harvested information to craft a highly personalized and targeted cyber attack. When personal information is included in a phishing email or scam phone call, the victim is far less likely to be suspicious of the contents of the message because it seems very familiar to them.
Twitter has not made it clear if any employee cooperated in some way.
45 Accounts Breached
The hackers attempted to gain access to 130 Twitter accounts – some of which were verified accounts. They were successful in gaining access to 45 accounts.
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections,” says an update from Twitter.
Verified Twitter accounts are those belonging to high-profile individuals – public figures, celebrities, companies, professional sports players, and politicians. Twitter verifies their identities to help protect their reputation and lend more credibility to the Tweets sent from these verified accounts.
Stolen Twitter Logins Belonging to Public Figures
- Jeff Bezos, Amazon CEO
- Kanye West, musician
- Bill Gates, Microsoft CEO
- Elon Musk, Tesla CEO
- Joe Biden, Current Democratic presidential nominee
- Barack Obama, former U.S. president
- Warren Buffett
- Michael Bloomberg, former NYC Mayor
Hijacked Company Twitter Logins
- Apple
- Binance
- Coinbase
- Coindesk
- Gemini
- Uber
The attackers were able to reset passwords and send Tweets from the hijacked accounts. They may have tried to sell some of the account usernames. In the case of eight accounts, the attackers downloaded the account history and data. These accounts were not verified.
The Twitter login cyber attack began on July 15. Tweets sent from the compromised Twitter account promised high returns for money given to a Bitcoin wallet. Bitcoin transactions cannot be reversed. Anyone who deposits cryptocurrency in a bitcoin wallet is unable to recover the money unless the recipient returns it.
The Twitter post states that the company is still working to remediate the and not disclosing those details at this time. The company was still working over the weekend to restore access to accounts impacted by this cyber attack as well as continuing their investigation.
Training to protect against social engineering attacks, phishing emails, malware, and other types of cyberattacks is a critical part of securing your computers, phones, and all online accounts from scammers and hackers. Low-cost apps like virtual private networks, called VPNs, can be used to protect a device as you use the internet. Using a VPN service like ExpressVPN Stop hackers from intercepting your usernames, passwords, and payment card information.
A password vault to create strong and unique passwords for each online account. It stores them in one server secure location, so you don’t have to worry about saving hundreds of passwords for every one of your logins including your Twitter login.
Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.
