Twitter says phone spear phishing attack led to massive hack

The massive Twitter hack earlier this month that spread a cryptocurrency scam by hajacking accounts of high-profile celebrities, politicians and businesses was a result of a phone spear phishing attack, the social media platform has revealed.

“A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools,” Twitter said in an update on its investigation to the issue on Thursday.

The attackers targeted 130 Twitter accounts, ultimately tweeting from 45, accessing the DM (Direct Messages) inbox of 36, and downloading the Twitter Data of 7.

In the incident that occurred on July 15, accounts of major public figures including Barack Obama, Elon Musk, Bill Gates, Jeff Bezos, US Democratic presidential candidate Joe Biden, Apple, Uber were simultaneously hacked by attackers to spread a bitcoin scam.

The incident raised concerns around Twitter tools and levels of employee access.

Twitter said it has “zero tolerance” for misuse of credentials or tools, actively monitors for misuse, regularly audits permissions, and takes immediate action if anyone accesses account information without a valid business reason.

“Since the attack, we’ve significantly limited access to our internal tools and systems to ensure ongoing account security while we complete our investigation,” Twitter said.

As a result, some features — namely, accessing the Your Twitter Data download feature — and processes have been impacted.

Twitter said it will be slower to respond to account support needs, reported tweets, and applications to its developer platform.

“We’re sorry for any delays this causes, but we believe it’s a necessary precaution as we make durable changes to our processes and tooling as a result of this incident,” Twitter said.

“We will gradually resume our normal response times when we’re confident it’s safe to do so,” the company added.

Twitter said its investigation is ongoing, and it is working with the appropriate authorities to ensure that the people responsible for this attack are identified.