Twitter has revealed more details as to how some high profile accounts were hacked earlier this month.
In a statement on its website, the firm revealed a ‘spear phishing’ attack was used to pilfer the personal details of unsuspecting Twitter staff and contractors.
This involves the attacker emailing or phoning the victim while pretending to be a known or trusted person, in order to trick them into revealing confidential information.
This information was then used to gain access to internal account management tools which gave hackers free rein.
Insiders recently revealed that more than 1,000 Twitter employees had the ability to access internal tools and a number of these were targeted by hackers.
The cyber attack last week saw former US president Barack Obama, Microsoft founder Bill Gates and rapper Kanye West among the high-profile accounts affected.
Accounts of Elon Musk, Joe Biden, Jeff Bezos, Kim Kardashian West, Mike Bloomberg, Apple and Uber are also known to have been hit.
Tweets were simultaneously posted promoting a Bitcoin scam which promised followers free money if they transferred funds to a specific digital wallet.
The initial attack from the hackers saw them obtain login details to some of Twitter’s tools, but not the management-level access required to breach an account.
But the information garnered from the first employees was used to then go after the staff members who did have such access.
‘Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7,’ Twitter said.
It is thought the orchestrators of the hack made about $121,000 from 400 payments.
The statement does not give any more details on exactly how the information was garnered other than it was via a spear phishing attack.
Generally, spear phishing is where criminals target an individual and use correct information about them to lull them into a false sense of security.
This fraudulent practice gains the trust of the individual and tricks them into handing over email addresses and sometimes passwords.
This information is extremely valuable to hackers as it can be used to try and access other accounts the individual may have access to.
In this case that was the internal tools at Twitter, but the technique is often used to obtain banking details.
British cybersecurity analyst Graham Cluley believes it is possible this targeted attack was done over the phone.
The victims likely received a message asking them to call a number.
‘When the worker called the number they might have been taken to a convincing (but fake) helpdesk operator, who was then able to use social engineering techniques to trick the intended victim into handing over their credentials,’ Cluley wrote on his blog.
Twitter adds that it has tightened restrictions on who can access the internal account management tools.
‘As a result, some features (namely, accessing the Your Twitter Data download feature) and processes have been impacted,’ it says.
‘We will be slower to respond to account support needs, reported Tweets, and applications to our developer platform,’ said Twitter.
‘We’re sorry for any delays this causes, but we believe it’s a necessary precaution as we make durable changes to our processes and tooling as a result of this incident.
‘We will gradually resume our normal response times when we’re confident it’s safe to do so.’