(Pocket-lint) - Twitter has shared more information about the 15 July 2020 security incident that saw several high-profile accounts - including President Barack Obama, SpaceX CEO Elon Musk, and Microsoft co-founder Bill Gates - tweet about a dodgy bitcoin scam.
The social network confirmed its employees were targeted as part of an unprecedented phone spear phishing attack, where a malicious actor tries to steal data from a user. This happens in a number of ways, like through malware. In this instance, one can presume the hackers scammed Twitter employees, likely by assuming the identity of another employee via mobile communications, to get them to reveal credentials needed to access internal systems.
Twitter published a blog post and a series of tweets to discuss the unprecedented attack, though it didn't outline exactly how it happened. “This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter explained.
By obtaining employee credentials, they were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts - Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.— Twitter Support (@TwitterSupport) July 31, 2020
The social network said attackers targeted 130 accounts, tweeted from 45 accounts, and accessed the direct messages of 36 accounts. And seven accounts had their Twitter data downloaded. Twitter didn't reveal which accounts were affected, but it's been widely documented which tweeted about the bitcoin scam.
Twitter immediately locked the accounts and restricted features for many users the night of the attack and for several days after, and although many of the accounts have been restored, it warns: “Some features (namely, accessing the Your Twitter Data download feature) and processes have been impacted".
Twitter also announced it's restricted access to its internal tools and will improve methods for "detecting and preventing inappropriate access" to internal systems.
The FBI has also launched an investigation into the attack.