A fortnight ago, Twitter had a serious security breach that saw hackers take over some of the most popular accounts on the platform. Affected users include Elon Musk, Joe Biden, Barack Obama, and Bill Gates, among other prominent figures. Twitter has now given us a few more details about how exactly it happened. Several individuals from the ‘OGUsers’ gray-market forum have provided details about someone who goes by the handle ‘Kirk’, who was the original source of internal tools.
According to Twitter, a phone-based ‘spear phishing’ attack had singled out a ‘small number’ of Twitter employees who did not have complete access to the management tools. The attackers, however, ‘used their credentials to access our internal systems and gain information about our processes.’ The company didn’t confirm or deny the report that the access came from finding logins using their admin tool in their Slack channel. Also, there is still no word as to who is responsible.
Twitter did, however, release more details regarding what the attackers did using their new-found access. They targeted 130 accounts while tweeting from 45 of them. They went into the DMs of 36 of them, and copied account data from 7. Twitter said, ‘We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.’ The company has said that it is preparing a more detailed account of what happened.
Featured Image Credit: Unsplash/Sara Kurfeß