Security News > 2020 > July > Twitter Employees Targeted With Phone Spear-Phishing in Recent Attack
Twitter on Thursday revealed that several employees were targeted with phone spear-phishing in a social engineering attack leading to the recent security incident.
A total of 130 accounts were targeted in the incident, with hackers abusing internal Twitter systems and tools to reset the passwords for 45 of them.
On Thursday, Twitter confirmed that the hackers targeted several of its employees to gain access to internal systems and gather information on which employees might have access to the tools needed to reset passwords and take over accounts.
"Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools," the social media platform revealed.
Twitter also notes that it plans on intensifying employee training and to accelerate improvements to its tools to ensure better security and more efficient detection and prevention of inappropriate access to accounts.
News URL
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)