In its latest update on the massive July hack, Twitter has revealed how hackers targeted their employees through their smartphones.
The company says that hackers used a phone spear phishing attack to gain access to employee credentials.
Spear phishing refers to targeting individuals by sending emails or messages that seem to be from a trusted sender. For example, a spear phisher may pose as a colleague or your boss.
They sometimes also pose as people you know outside of work, such as friends or family.
This differs from general phishing, which tends to use vague tactics and does not tailor its message to specific people.
Twitter also revealed that hackers carried out the attack on 15 July. This means that the initial breach and takeover of major accounts happened on the same day.
“The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack,” Twitter said in their update on 30 July.
“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes.”
Hackers then used this information to target more employees with more access to account support tools.
“Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7,” Twitter said.
How will Twitter improve security after hack?
Some have questioned the level of access Twitter employees have to accounts on the platform. However, the company says that it has placed strict limitations on who can access these controls. Furthermore, these controls exist only to provide support functionality.
But the social network did say it’s speeding up the development of enhanced security features.
Twitter has also significantly limited access to tools and systems since the attack while the investigation continues.