Social media giant Twitter on Saturday said that cyber criminals targeted some of its employees through a social engineering scheme and used their credentials to access its internal systems and hijack multiple accounts in the Bitcoin scam.
The company examined the social engineering angle, in which employees were coerced into divulging crucial information, as it continues to reel from what is being touted as the biggest attack on its security in its history.
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections,” the company said in a blog post on the matter.
Reports also said that the attackers appear to have used social engineering tactics to force employees to take certain actions and divulge key information.
From initial assessments, Twitter has found that the hack compromised 130 accounts, for 45 of which “the attackers were able to initiate a password reset, login to the account, and send Tweets.” Additionally, the hackers took steps to begin downloading statistics from eight of those accounts.
The hack, which took place on Wednesday, saw Barack Obama, Joe Biden, Elon Musk and other well-known US figures lose access to their accounts. The hackers then posted messages urging users to send bitcoin to an account to receive double the amount back.
Twitter was forced to issue a blanket ban on tweeting from all verified accounts.
The New York Times reported that the attack was coordinated between four people, one of whom said he was a Twitter employee. Two of the group, from the US and UK, reached out to the paper saying that their participation involved hacking lesser-known accounts with attractive usernames for later reselling and that they had not anticipated the scale of the attack.
The hack saw the perpetrators rake in the bitcoin equivalent of $180,000 in a matter of hours. The Federal Bureau of Investigation has launched a probe into the attack.
The hack is the largest the company has ever experienced, which may put a dent in the security reputation of what is essentially the world’s de facto wire service.