The Twitter Hack Could Have Been Much Worse
Twitter on Wednesday suffered its worst security breach in history after a number of high-profile accounts were hijacked to promote a cryptocurrency scam that earned its creators nearly $120,000.
The company called it "a coordinated social engineering attack" aimed at its employees who have access to its backend tools to send out tweets on behalf of verified profiles, adding "we believe approximately 130 accounts were targeted by the attackers."
Following the unprecedented hacks of the accounts, Twitter took the drastic step of temporarily blocking verified accounts from sending out new tweets in an attempt to halt the attack. Out of caution, the company said it's also locking accounts of select users who changed their passwords in the past 30 days, although it added it found no evidence that the "attackers accessed passwords."
Details are still scarce on how exactly the hack happened or even to what extent Twitter's own systems were compromised, and if the attackers could have had access to direct messages of the affected accounts.
What's now becoming clear is that word of the impending hack spread days before in an underground grey market username-trading forum called OGUsers, where "a user named 'Chaewon' advertised they could change email address tied to any Twitter account for $250, and provide direct access to accounts for between $2,000 and $3,000 apiece."
Reports from Motherboard, TechCrunch and security researcher Brian Krebs indicate that the actors behind the operation had access to Twitter's admin panel, a tool that lets its employees change the email address associated with an account, with Krebs noting that the attack may have been perpetrated by Joseph James Connor, a 21-year-old English SIM swapper linked to a group that hijacked the company's chief executive Jack Dorsey's account last year.
The breach raises several serious questions about the social media giant's access control mechanisms (the fact that the attackers were able to take over accounts protected by multi-factor authentication is troubling), not to mention the possibility that this could have been an inside job.
What's more, it's worth noting that all major platforms, including Twitter, alert users when there's a sign-in attempt from a previously unencountered device or location as a security measure to prevent unauthorised logins. It's not immediately clear how these protections were bypassed.
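The point of the preceding paragraphs is that an internal support tool which can rewrite the email address tied to an account sidesteps the account's own defences (multi-factor authentication, new-device login alerts), so the control that matters is monitoring of that tool. The following is an added example, not Twitter's code or logging format: it runs two detections over a constructed admin-tool audit log, flagging email changes on verified accounts that cite no support ticket, and any operator who performs a burst of email changes in a short window. The key=value line schema, the operator names, the `ticket=` approval convention and the thresholds are all assumptions.

```python
"""Detection over internal-tool audit logs: flag privileged email-address
changes that deviate from the normal support workflow.

Added example; not Twitter's code. The log schema, field names and the
"ticket" approval convention are assumptions. The events are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one line per admin-panel action (assumed schema).
# A real deployment would read these from the tool's audit stream.
SAMPLE_LOG = """\
2020-07-15T18:01:10Z op=alice action=change_email target=@smallbiz verified=no ticket=SUP-1001
2020-07-15T18:05:42Z op=bob action=reset_mfa target=@someone verified=no ticket=SUP-1002
2020-07-15T20:11:03Z op=carol action=change_email target=@bigbrand verified=yes ticket=-
2020-07-15T20:11:20Z op=carol action=change_email target=@celeb1 verified=yes ticket=-
2020-07-15T20:11:41Z op=carol action=change_email target=@celeb2 verified=yes ticket=-
2020-07-15T20:12:05Z op=carol action=change_email target=@exchange verified=yes ticket=-
2020-07-15T20:12:30Z op=carol action=change_email target=@celeb3 verified=yes ticket=-
2020-07-15T20:30:00Z op=alice action=change_email target=@verifiedshop verified=yes ticket=SUP-1003
"""

BURST_LIMIT = 3                        # more than this many email changes ...
BURST_WINDOW = timedelta(minutes=10)   # ... by one operator inside this window


def parse_event(line):
    """Parse one 'timestamp key=value ...' audit line into a dict.

    The timestamp is converted to a datetime under the key "ts".
    """
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect(log_text):
    """Return a list of (rule, operator, target) alerts in log order."""
    alerts = []
    recent = defaultdict(deque)  # operator -> timestamps of recent email changes
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["action"] != "change_email":
            continue  # only the email-rewrite action is covered here

        # Rule 1: an email change on a verified account must cite a ticket.
        if ev["verified"] == "yes" and ev["ticket"] == "-":
            alerts.append(("verified_no_ticket", ev["op"], ev["target"]))

        # Rule 2: sliding-window burst of email changes by one operator.
        window = recent[ev["op"]]
        window.append(ev["ts"])
        while window and ev["ts"] - window[0] > BURST_WINDOW:
            window.popleft()  # drop changes older than the window
        if len(window) == BURST_LIMIT + 1:
            # fire once, when the limit is first exceeded
            alerts.append(("burst", ev["op"], ev["target"]))
    return alerts


if __name__ == "__main__":
    for rule, operator, target in detect(SAMPLE_LOG):
        print(f"{rule:20s} operator={operator:8s} target={target}")
```

On the constructed log this raises five "verified_no_ticket" alerts and one "burst" alert, all against the same operator; alice's changes are spaced hours apart and carry tickets, so they pass. The burst rule fires only once per window so that a single incident does not flood the queue, and the ticket rule is deliberately a hard requirement rather than a score, because a privileged email rewrite on a verified account with no approved request is exactly the action that should need a second pair of eyes.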
Twitter has yet to comment on these claims, though the company stated it's "working around the clock" on the matter and that it has "taken significant steps to limit access to internal systems and tools." The FBI also confirmed that it's launched an investigation into the incident.
Needless to say, the national and international security implications of the Twitter attack are evident, as hackers could have caused far more serious damage with access to such high-profile accounts, thereby putting the credibility of the platform at stake.