Security News > 2020 > July > Twitter: Epic Account Hack Caused by Mobile Spearphishing

A mobile spearphishing attack targeting "a small number of employees" is what led to the unprecedented, major attack earlier in the month on high-profile Twitter accounts to push out a Bitcoin scam.

On the day of the attack, Twitter revealed that the accounts fell victim to a compromise of the company's internal systems by a group of unidentified hackers that managed to access Twitter company tools and secure employee privileges.

Since not all of the employees that were initially targeted had permissions to use the account management tools key to the attack, the attackers used a two-step approach to hack their way in, according to Twitter.

This unfortunately will result in some disruption of user account service, including limiting access to the Twitter Data download feature and other processes, Twitter acknowledged.

Another plausible theory also emerged around screenshots of Twitter's internal tools that appeared on underground forums ahead of the attacks due to a bribe of a lone rogue Twitter employee, but Twitter later refuted this claim.

News URL

https://threatpost.com/twitter-hack-mobile-spearphishing-scam/157896/