Twitter hack: How the massive breach happened

Over the weekend, Twitter shared more details about its investigation into how the breach affecting major accounts such as Bill Gates and Kanye West occurred.

The hack occurred on 15 July, when major verified accounts started tweeting out a Bitcoin scam. The scam resulted in over $117 000 worth of Bitcoin being sent to the hackers.

Hackers began transferring funds out of the Bitcoin wallet by the time the breach ended.

But how were hackers able to tweet on behalf of major accounts such as Barack Obama, Joe Biden, Elon Musk, and Jeff Bezos?

What caused the Twitter hack?

Hackers used a coordinated social engineering campaign, according to the company. This gave hackers access to internal tools via certain Twitter employees’ credentials.

“We believe attackers targeted certain Twitter employees through a social engineering scheme,” Twitter said in its blog post on the hack investigation.

“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.”

These tools were only available to internal support teams at Twitter.

Some have speculated that hackers extorted or paid Twitter employees for this access.

However, Twitter has not shared more details on exactly how hackers manipulated employees and whether these employees knowingly shared access.

“We are deliberately limiting the detail we share on our remediation steps at this time to protect their effectiveness and will provide more technical details, where possible, in the future,” Twitter said.

Accounts breached by hackers

In total, hackers were able to target 130 Twitter accounts. For 45 accounts, the hackers initiated a password reset to log into the account. They then sent and pinned tweets from these accounts.

According to Twitter, hackers may have also tried to sell some of the usernames for hacked accounts.

For eight of the accounts that hackers accessed, they also downloaded the accounts’ information and data using the “Your Twitter Data Tool”.

This data archive gives you a snapshot of all your account data, including direct messages and your address book.

While Twitter did not identify the eight affected accounts, the company said that none were verified accounts.

This rules out major world leaders such as US President Donald Trump and the accounts of many politicians.

Twitter users had openly wondered whether hackers would access data to extort high-profile users in future. The company has notified the eight affected accounts.

The investigation into the extent of the breach continues.

The company says that it will post any additional updates to its Twitter Support account.

Feature image: Shereesa Moodley/Memeburn