
Twitter Struggles to Unpack a Hack Within Its Walls


Even some basic questions about how an array of Twitter’s most popular accounts were taken over remain unanswered.
As forensic investigators at Twitter hurried on Wednesday to discover the origin of one of the worst hacks in the company’s history, the team came to a startling conclusion: The hack was coming from an account inside the house.
But even by Thursday afternoon, 24 hours after hackers pushed a Bitcoin scam from the accounts of political leaders like Joseph R. Biden and industry titans like Elon Musk, the company’s researchers were still struggling to nail down many other basic aspects of the breach, including whether an employee had been willfully complicit. The company was also still sorting out how many accounts were affected, and whether the attackers had gained access to details within the accounts, such as private messages.
A few things were certain. Investigators know that at least one employee’s account and credentials were taken over and used to gain access to an internal dashboard, allowing the infiltrator to control most Twitter accounts, according to two people briefed on the company’s investigation. They would speak only anonymously because the investigation was still underway.
Yet many of the details remained unclear, the people said. Investigators were still trying to determine if the hackers tricked the employee into handing over login information. Twitter suggested on Wednesday that the hackers had used “social engineering,” a strategy to gain passwords or other personal information by posing as a trusted person like a company representative. But another line of inquiry includes whether a Twitter employee was bribed for their credentials, something one person who claimed responsibility for the hack told the technology site Motherboard.
The Federal Bureau of Investigation said it was looking into the hack. “At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” the agency said in a statement. “We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident.”
Twitter said in a statement, “We’ve taken steps to further secure our systems and will continue to share what we learn through our investigation.”
The hack, and the company’s inability to quickly figure out what happened, is a major embarrassment for Twitter. Over the past year, in response to damaging revelations that disinformation spread widely on the service during the 2016 presidential election, Jack Dorsey, the chief executive, put a priority on promoting healthy and trustworthy tweets.
