Social networking giant Twitter said on Saturday that the hacking episode earlier this week was the result of the attackers targeting employees of the company through a “social engineering” scheme. In a blog post, Twitter said social engineering is “the intentional manipulation of people into performing certain actions and divulging confidential information” in the context of the breaches.
The Twitter accounts of former United States President Barack Obama, Democratic presidential candidate Joe Biden, Tesla Chief Executive Officer Elon Musk, Microsoft co-founder Bill Gates and Apple, were among those hacked on July 15, by scammers trying to dupe people into sending cryptocurrency bitcoin.
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections,” Twitter said. “We know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.”
The social media network said it is conducting a “forensic review” of all the accounts in order to ascertain all actions the hackers may have taken. The blog post also said that the hackers may have tried to sell some usernames.
“For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our ‘Your Twitter data’ tool,” the company said. This tool provides the owner of the account with detailed information about their activity. The company said none of the eight accounts that were so compromised were verified accounts.
Twitter insisted that it had moved quickly to address the situation when it became aware of the breach on July 15. “Our incident response team secured and revoked access to internal systems to prevent the attackers from further accessing our systems or the individual accounts,” it said. Twitter said it also restricted the functionality of several accounts, in order to prevent the attackers from compromising them. Accounts where a password had been recently changed were also locked. However, Twitter has by Saturday been able to restore functionality to most of these accounts.
The social media company claimed that the attackers did not get to see private information, such as previous account passwords, of most of the users whose accounts they hacked. However, they were able to view personal information including email addresses and phone numbers.
“In cases where an account was taken over by the attacker, they may have been able to view additional information,” Twitter said. “Our forensic investigation of these activities is still ongoing.”