The hackers used social engineering to target some Twitter employees and then accessed high-level accounts. The attackers sent tweets from public figures’ accounts, offering to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.
Cybersecurity experts say such a breach could have dire consequences as attackers tweeted from verified and influential accounts globally with millions of followers.
“If you receive a tweet from a verified account belonging to someone you know and therefore trust, you can no longer assume that it is really from them,” said Michael Gazeley, general manager of the cybersecurity firm Network Box.
Responding to the breach, Twitter quickly deleted the tweets and locked accounts to investigate. In the process, this prevented verified users from sending tweets for several hours.
The company said Thursday it had taken “significant steps to limit access to internal systems and tools.”
Internally, we have taken significant steps to limit access to internal systems and tools while our investigation continues. More updates to come as our investigation continues.
– @TwitterSupport
Many celebrities, politicians and business leaders use Twitter as a public platform for making statements. President Donald Trump, for example, regularly uses Twitter to post about national and geopolitical issues, and his account is closely followed by the media, analysts and governments around the world.
Twitter faces a tough battle to regain people’s trust, Gazeley said. To start, it needs to understand how exactly the accounts were hacked and show that the vulnerabilities have been fixed, he said.
“If key Twitter employees have been deceived, it is actually a serious cybersecurity problem in itself,” he said. “How can one of the most used social media platforms in the world have such poor security, from a human point of view?”
Rachel Tobac, CEO of Socialproof Security, said the breach appeared to be largely financially motivated. But such an attack could have more serious consequences.
“Can you imagine if they had taken over the account of a world leader and tweeted a threat of violence against the leader of another country?” asked Tobac, a social engineering hacker who specializes in training businesses to protect themselves from such breaches.
Social engineering attacks generally target human weaknesses to exploit networks and online platforms. Businesses can guard against such attacks by strengthening multi-factor authentication – where users must present multiple pieces of evidence as authentication before being allowed to log into a system, said Tobac.
Such a process could include having a physical token that an employee must have with them, in addition to a password, before they can log into a corporate or other private system. Other methods include installing technical tools to monitor suspicious insider activity and reducing the number of people who have access to an administrative panel, said Tobac.
Call for cooperation
US Senator Josh Hawley called on Twitter to cooperate with authorities, including the Department of Justice and the FBI, to secure the site.
“I am concerned that this event is not just a coordinated set of separate hacking incidents, but rather a successful attack on the security of Twitter,” he said.
He added that millions of users rely on Twitter not only to send tweets but also to communicate privately via direct messaging.
“A successful attack on your system’s servers poses a threat to the privacy of all of your users and to data security,” said Hawley.