LOS ANGELES—The social media site Twitter released new details this weekend on last week’s shocking cyberattack that compromised 130 accounts, including those owned by such high-profile figures as Joe Biden, Elon Musk, Jeff Bezos, Bill Gates, and Barack Obama.
As AVN reported last week, some experts speculated that the hackers may have somehow compromised the “two-factor authentication” system used by the site’s employees to log in to its proprietary, administrative tools and user database.
The details released by Twitter three days after the July 15 hack, appear to confirm that breaking the two-factor authentication process was indeed one of the methods used by the hackers to gain unauthorized access to Twitter’s internal system.
But the cyber-attackers got through the system not by using any high-tech finesse, but simply by having “successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.”
Twitter has yet to reveal whether the employees who were “manipulated” were paid by the hackers or otherwise cooperated willingly, or if they were simply duped. Last week, the tech news site Motherboard cited a “source” who claimed to be a hacker, and that the attackers paid off at least one Twitter employee. But that allegation remains unconfirmed.
Two-factor authentication is intended to add an additional layer of security to online accounts by requiring not only a standard password, but a unique code sent to a user’s cell phone.
When the hackers seized control of the high-profile accounts, they used them to post messages asking users to send $1,000 in BitCoin cryptocurrency, on the promise that it would be returned at twice the value. Reportedly, enough users suckered for the scam that $120,000 in BitCoin was transmitted to the account linked by the hackers.
But the losses could have been much worse. The cryptocurrency exchange CoinBase said on Monday that it had blocked about 1,100 more transactions in which users attempted to send BitCoin to the bogus account, according to a report by The Verge.
The attempted transactions would have resulted in another $280,000 ending up in the hackers’ account, according to the report. CoinBase said that 14 of its users parted with a total of $3,000 as a result of the Twitter hack, before further transactions were blocked.
But according to the details released by Twitter, that hackers also downloaded large amounts of personal data from eight users, using the “Your Twitter Data” tool. The data downloading tool is available to all accounts, providing users the opportunity to review all of the information that they have made available to Twitter.
Twitter did not identify which accounts were victims of the data theft, or offer any possible reason why a group interested only in running a BitCoin scam would also download large amounts of data on certain users.
Photo By Soumil Kumar / Pexels
