Hours after the unexpected attack that resulted in high-profile accounts being taken over, Twitter has finally tried to explain what really went on. Twitter Support posted a series of tweets saying that its internal systems were compromised by the hackers.
This confirms earlier theories that the attack was not the result of compromised passwords. Instead, the hackers somehow gained access to the company's own internal tools, which are available only to employees.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the first tweet in a multi-tweet explainer thread reads. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”
From the statement, one can infer that the hack was carried out by several people. Moreover, Twitter appears to be acknowledging that some of its employees were compromised as well.
It is still not clear exactly which tools the hackers accessed or how the attack was carried out. However, a report by Motherboard suggests that this was likely an inside job.
The report claims that various underground hacking groups have been sharing screenshots of an internal company admin tool. This tool was allegedly used to carry out the account takeovers, potentially by changing the email addresses on the accounts and then recovering the passwords.
Later on, Motherboard stated that some hackers admitted to paying a Twitter employee to change the email addresses of popular accounts. According to them, the employee used the internal tool to make these changes so that the hackers could take control of the accounts.
We spoke to two hackers and we were able to independently verify they were in control of hijacked accounts today. One of them said they paid the Twitter employee to help them take over accounts; not sure on the specifics here at the moment
— Jason Koebler (@jason_koebler) July 16, 2020
Some of the screenshots showing the internal tools that were allegedly used in the attack were also shared publicly. Reportedly, Twitter is suspending any account that shares the screenshots.
For now, it is not certain which account of events to believe. What is certain is that Twitter will face scrutiny over the internal security precautions it had in place.
The company states that its investigation into the "malicious activity" is still ongoing. It is also not clear what else the hackers may have accessed during the takeover; for example, they may have been able to read the accounts' private direct messages.
And as Twitter implies, there could have been ulterior motives beyond just a cryptocurrency scam.