More than 1,000 Twitter employees had the security access needed to aid hackers

Former staff say many had the power to make changes to user account settings as well as hand over the controls to third parties

UPDATE: Over 1,000 Twitter employees and contractors are said to have had access to the same internal tools that are believed to have allowed cyber criminals to obtain control over 36 high-profile accounts, according to two former Twitter employees.

Speaking to Reuters, the former staff members familiar with Twitter security practices said that, in early 2020, these employees had the power to make changes to user account settings as well as hand over the controls to other parties.

The number includes not only permanent Twitter staff, but also contractors from American IT services provider Cognizant, raising questions as to why so many people were given such wide-reaching security privileges.


The former employees also told Reuters that, despite last week’s breach, the company’s security policy is still an improvement on procedures operated during their time at the company. Twitter had decided to crack down on breaches by logging the activity of its staff following an incident in November 2019, when an employee was caught allegedly spying for the Saudi Arabian government.

According to Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, the attack was “enhanced by exploitation of other weaknesses in Twitter’s internal security”.

“It is not excluded that the attackers were assisted by an insider or were exploiting a high-risk vulnerability detected in one of Twitter's web systems. Otherwise, we may reasonably infer that Twitter has virtually no internal security controls and best practices that we should normally expect from a tech company of its size,” he said.


Meanwhile, on a call to investors on Thursday, Twitter Chief Executive Jack Dorsey admitted to missteps:


“We fell behind, both in our protections against social engineering of our employees and restrictions on our internal tools,” he said.

23/07/2020: Cyber criminals who targeted 130 accounts as part of last week’s major Twitter hack gained access to the private communications of up to 36 account holders, the company has confirmed.

Among the targeted individuals, hackers compromised 45 accounts to the extent they were able to send tweets, and a further 36 had their direct messages accessed, according to the firm. It's believed at least eight accounts had their archived account data accessed through the ‘Your Twitter Data’ tool, which holds the entirety of their account activity, although none of these eight accounts are ‘verified’ on the platform.

Twitter hasn’t indicated whether there's any overlap between those whose accounts were compromised, those whose DMs were accessed, and those whose archived data was downloaded.


Several high-profile individuals, including former US President Barack Obama and Democratic frontrunner Joe Biden, were among those involved in the hack, evidenced by a number of tweets promoting a fraudulent Bitcoin buy-back scheme, suggesting these were among the 45. Other accounts tweeting in such a way included those of Jeff Bezos, Bill Gates, and other prominent business figures.


The fraudulent tweets described a scheme in which any Bitcoin donated to a specific wallet would be returned to the user doubled. To date, the scam has attracted 396 Bitcoin transactions worth more than £96,000 in all.

Generally, should a hacker gain full control of an account to the point they could send tweets, they would also be able to read previously sent direct messages, or even send new ones with ease.

Twitter, however, has insisted that just one elected official, an unnamed Dutch politician, was among those whose DMs were accessed. There is currently no indication, the company added, that any other former or current elected officials had their DMs accessed, ruling out the likes of Obama or Biden as being among the 36.

Although attackers gained full control over some accounts, Twitter has said they would have been unable to view previous passwords as these are not stored in plain text. It added that even with access to internal tools hackers would still have been unable to view these.


Hackers were, however, able to view personal information, including email addresses and phone numbers, which are displayed to some employees who have access to internal company support tools.

Of the accounts that were taken over, hackers were able to view what Twitter has described as “additional information”. The company added its forensic investigation of these activities is still ongoing.

McAfee founder John McAfee, meanwhile, has suggested his own Twitter account has been either hacked or frozen in the past 12 hours, with some tweets disappearing or seen by only a handful of individuals. It's unclear whether these reports are related to last week's major hack.

As the probe continues, Twitter said it would further secure its systems to prevent future attacks, and roll out additional company-wide training to guard against social engineering tactics.

This story was updated on 24/07/2020
