Twitter employees were spear-phished over the phone

2020-07-31 11:09

"The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack," Twitter explained.

"Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools."

Twitter says that access to its internal account support tools is "Strictly limited" and "Only granted for valid business reasons", but apparently the attackers had a sizeable number of possible targets to try their luck with, as over a thousand Twitter employees and contractors had access to internal tools.

What's Twitter doing to prevent similar attacks in the future?

The attacker targeted 130 Twitter accounts in all, tweeted from 45 of them, accessed the DMs of 36, and downloaded Twitter data of 7 users.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/hcHqctd7Ls0/

#phone #twitter

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Twitter		5	0	6	2	0	8