By Rachel Lerman
Twitter said Thursday that the cyberattack that took down big parts of its site this month was caused by hackers manipulating employees over a more old-school method: the phone.
Hackers called a "small number" of employees in a phone spear phishing scheme, Twitter tweeted from its support account. Phishing attacks are designed to fool people into thinking the sender or caller is safe by imitating a company or trusted person. The attackers were able to get access to some internal tools from the initial employees they targeted, and then learn specifically who had access to account support controls and targeted them next.
The July 15 hack, which was dubbed one of the largest social media platform security breaches in recent memory by cybersecurity experts, took over accounts of high-profile users including former president Barack Obama, presumptive Democratic presidential nominee Joe Biden and Tesla CEO Elon Musk. The hackers then used those accounts and tweeted about a fake bitcoin deal.
It took Twitter hours to regain control of the site, and the company temporarily locked down all verified accounts. Others lost control of their accounts completely if they tried to change their passwords. It took Twitter days to restore access to those accounts, which the social media account locked for safety.
The hack has cast doubt that Twitter's cybersecurity measures were strong enough and has triggered an FBI investigation. Cybersecurity experts pointed out how fortunate it was that hackers appeared only to be trying to scam people for money and not attempting to compromise national security. Many politicians, including President Donald Trump, use Twitter as a major form of communication.
"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter said Thursday. The company said it was a "striking reminder" of how important each employee is for protecting security.
Twitter previously said that hackers gained access to 130 accounts and tweeted from 45 of them. CEO Jack Dorsey apologized for the hack on a company earnings call last week, saying Twitter "fell behind" in some security restrictions.
Twitter said employee access to internal account management tools is "strictly limited" and that it would now be looking at making its processes "even more sophisticated."
It's not the first time that Twitter employees have triggered security issues.
Trump's Twitter account was taken down for 11 minutes in 2017 by a departing company employee. After the incident, Twitter tweeted that it had "implemented safeguards to prevent this from happening again." It declined to share details at the time.
The Washington Post