Twitter’s employees were manipulated into providing access to the social network’s internal systems to attackers, the company has revealed in an update to its investigation into a recent Bitcoin scam, one that affected prominent accounts including Apple.
Twitter’s employees were manipulated into providing access to the social network’s internal systems to attackers, the company has revealed in an update to its investigation into a recent Bitcoin scam, one that affected prominent accounts including Apple.
Published late on Friday, the update details what Twitter’s security teams believes happened on July 15, which saw a number of Twitter accounts with high follower accounts post a tweet designed to take Bitcoin payments from the account’s readers.
Twitter’s summary of events seemingly confirms early reports claiming some sort of social engineering was attempted, the microblogging service believes attackers targeted «certain Twitter employees» and was successful with a small number. Credentials acquired via the scheme were then used to access Twitter’s internal systems, including getting through the company’s two-factor protections.
As of the time of the update, Twitter believes only 130 accounts were targeted in the attack, which included Apple and personalities such as Tesla’s Elon Musk and Amazon’s Jeff Bezos. For 45 of the accounts, attackers were able to «initiate a password reset, login to the account, and send tweets.»
Up to eight of the accounts were also subjected to an extra step, where the attackers used the «Your Twitter Data» tool to acquire more details about the account and the user.
