• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
AskCyber Home » News » Data Breach » How Attackers Login Twitter to Hijack 45 Accounts

How Attackers Login Twitter to Hijack 45 Accounts

2020-07-20 by Max

Login Twitter

Login to Twitter Accounts Accomplished With Classic Social Engineering Tactics

Threat actors successfully social engineered their way to login Twitter administrative areas. They used the access to take over 45 Twitter accounts last week. The hijacked accounts were quickly used in a cryptocurrency investment scam. The internal investigation is still ongoing.

Twitter attackers used social engineering to manipulate their way into gaining employee access to internal systems at Twitter. Social engineering is a form of a cyber attack where the threat actor works to learn as much information as possible about a target to increase the chances the scheme will work. For example, they may select a small group of employees at a company and collect information about their job titles, daily duties, and vendors they are familiar with. The attackers also collect contact information like email address and phone numbers. All of this information is taken from public websites like social media accounts and company websites. The threat actors use this harvested information to craft a highly personalized and targeted cyber attack. When personal information is included in a phishing email or scam phone call, the victim is far less likely to be suspicious of the contents of the message because it seems very familiar to them.

Twitter has not made it clear if any employee cooperated in some way.

45 Accounts Breached

The hackers attempted to gain access to 130 Twitter accounts – some of which were verified accounts. They were successful in gaining access to 45 accounts.

“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections,” says an update from Twitter.

Verified Twitter accounts are those belonging to high-profile individuals – public figures, celebrities, companies, professional sports players, and politicians. Twitter verifies their identities to help protect their reputation and lend more credibility to the Tweets sent from these verified accounts.

Stolen Twitter Logins Belonging to Public Figures

  • Jeff Bezos, Amazon CEO
  • Kanye West, musician
  • Bill Gates, Microsoft CEO
  • Elon Musk, Tesla CEO
  • Joe Biden, Current Democratic presidential nominee
  • Barack Obama, former U.S. president
  • Warren Buffett
  • Michael Bloomberg, former NYC Mayor

Hijacked Company Twitter Logins

  • Apple
  • Binance
  • Coinbase
  • Coindesk
  • Gemini
  • Uber

The attackers were able to reset passwords and send Tweets from the hijacked accounts. They may have tried to sell some of the account usernames. In the case of eight accounts, the attackers downloaded the account history and data. These accounts were not verified.

The Twitter login cyber attack began on July 15. Tweets sent from the compromised Twitter account promised high returns for money given to a Bitcoin wallet. Bitcoin transactions cannot be reversed. Anyone who deposits cryptocurrency in a bitcoin wallet is unable to recover the money unless the recipient returns it.

The Twitter post states that the company is still working to remediate the and not disclosing those details at this time. The company was still working over the weekend to restore access to accounts impacted by this cyber attack as well as continuing their investigation.

Training to protect against social engineering attacks, phishing emails, malware, and other types of cyberattacks is a critical part of securing your computers, phones, and all online accounts from scammers and hackers. Low-cost apps like virtual private networks, called VPNs, can be used to protect a device as you use the internet. Using a VPN service like ExpressVPN Stop hackers from intercepting your usernames, passwords, and payment card information.

A password vault to create strong and unique passwords for each online account. It stores them in one server secure location, so you don’t have to worry about saving hundreds of passwords for every one of your logins including your Twitter login.

Filed Under: Data Breach Tagged With: Twitter

About Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2022 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version