Tuesday, August 4 2020

Scammers conned Twitter staff to launch high-profile account hijack

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said. Social engineering involves hackers using faked emails and websites to trick a person into divulging sensitive information.

“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

Twitter has not specified the exact nature of the systems and tools that were accessed. But images circulating online show a dashboard that keeps track of identity and account information for each Twitter user, as well as tags indicating suspicious activity or blocked status. It also appears to have options for adding or removing associated email addresses, which may have helped the attackers take full control of accounts.

Shortly after Twitter became aware of the attack it locked all verified accounts, preventing them from sending tweets. Functionality has since been restored to most accounts, but those that had tweeted the Bitcoin links remain locked while the investigation continues.

The scammers appeared to use multiple Bitcoin wallets, but the one listed in many tweets appears to have received almost 13 Bitcoin, or around $171,000.

Australian cyber security expert Troy Hunt said the amount of data collected by the attackers might depend on how long they had access to the system.

“Obviously if you could log into someone’s account you’d have access to all their direct messages,” he said.

Since the attackers gave themselves away by tweeting from prominent accounts, and timed their messages to hit in the afternoon in the US, Mr Hunt said it seemed likely a big payday was their motive.

However, he added that it was unusual for such a broad breach to be accomplished by petty criminals.

“Twitter’s controls were obviously insufficient with the benefit of hindsight, but were they sufficient based on the information we had at the time or was this just a super sophisticated hacker?”

Paul Ducklin, principal research scientist at British cyber security company Sophos, said the presence of cryptocurrency should always tip users off to a scam.

“Cryptocurrency transactions don’t have the legal protections that you get with banks or payment card companies,” he said.

“There is no fraud reporting service or transaction cancellation in the world of cryptocurrency. Sending someone crypto coins is like handing over banknotes in an envelope; if they go to a crook, you will never see them again.”