Twitter says massive hack was result of spear phishing attack

From CNET: A massive Twitter hack earlier this month that hijacked the accounts of dozens of high-profile politicians, celebrities and businesses to peddle a cryptocurrency scam was the result of a spear phishing attack, Twitter said late Thursday.

To succeed, attackers in the July 15 hack needed both access to Twitter's internal network as well as employee credentials that granted access to specific support tools, Twitter said in an update. The hackers' attack relied on an approach that typically involves bogus emails disguised as legitimate ones to fool recipients into revealing passwords or other sensitive information.

"Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes," Twitter said. "This knowledge then enabled them to target additional employees who did have access to our account support tools."

Twitter said 130 accounts were targeted in the attack, with hackers managing to tweet from 45 accounts, accessing the direct message inboxes of 36 accounts and downloading the Twitter data from seven.

View: Full Article