On July 30, Twitter released an update showing how hackers access their intranets and account management tools during the latest attack.
It also describes further measures to improve security after the hacking that resulted in 12 bitcoins (BTC) being obtained by targeting the celebrity and crypto companies’ Twitter accounts.
The update confirmed that Twitter has been the victim of a social engineering attack, and it has raised rumors that the hacking may be an internal work.
According to the report, the incident began on July 15 with a submarine attack targeting a small number of employees over the phone to obtain identification for network access:
“Not all employees who were originally targeted had permissions to use account management tools, but attackers used credentials to access our internal systems and obtain information about our activities.”
The attackers then used this knowledge to target multiple employees with access to account support tools.
Poor workers lose their tools
In response to reports that more than 1,000 employees have access to management tools, Twitter made it clear that teams around the world are helping to maintain the account.
However, access to the tools is very limited and is provided only for legitimate business reasons. Access to it has been very limited since the attack, and an ongoing educational program on the dangers of phishing attacks will continue.
During the hacking, the attackers gained access to 130 Twitter accounts, tweeted 45 of them, went into an inbox with 36 instant messages and downloaded Twitter data in seven.