Twitter Hack: 24 Hours From Phishing Employees to Hijacking Accounts
2020-10-16 11:29

Hackers needed roughly 24 hours to take over high-profile Twitter accounts in the July attack, a report from the New York Department of Financial Services reveals.

A couple of weeks after the incident, Twitter revealed that the hackers had targeted some employees with phone phishing until they gained access to the account support tools they needed.

On the afternoon of July 14, the hackers called several of the social platform's employees, pretending to be calling from the IT department at Twitter in response to some issues with the VPN, and directed them to enter credentials on a phishing page.

"The Department found no evidence the Twitter employees knowingly aided the Hackers. Rather, the Hackers used personal information about the employees to convince them that the Hackers were legitimate and could be trusted. While some employees reported the calls to Twitter's internal fraud monitoring team, at least one employee believed the Hackers' lies," the report reveals.

Soon after gaining the ability to take over Twitter accounts, the hackers started discussing the sale of OG usernames, and then began publicly demonstrating their access to Twitter's internal systems: on July 15, just before 2:00 p.m., they hijacked multiple OG accounts and posted screenshots of a Twitter internal tool.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/w2PkGR_X4VA/twitter-hack-24-hours-phishing-employees-hijacking-accounts

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Twitter 6 1 7 1 0 9