“This attack was based on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter officials wrote in a post. “It was a vivid reminder of the importance of every member of our team in protecting our service. We take this responsibility seriously and everyone at Twitter is committed to protecting your information.”
Thursday’s update also revealed that the hackers downloaded personal data from seven of the accounts, but did not say which ones.
The post was the latest update in the investigation of the July 15 hack, which hijacked accounts belonging to some of the world’s best-known celebrities, politicians and leaders and used them to tweet links to Bitcoin scams. A small sample of the affected account holders included Vice President Joe Biden, philanthropist and Microsoft co-founder and former CEO and chairman Bill Gates, Tesla founder Elon Musk, and pop star Kanye West.
It took hours for Twitter to return control of the accounts to their rightful owners. In some cases, hackers regained control of accounts even after their recovery, resulting in a standoff between intruders and company employees.
Hours after containing the breach, Twitter said the incident was the result of losing control of its internal administrative systems to hackers who paid, deceived or coerced one or more of the company’s employees. Company officials have provided regular updates since then. The most recent came last week, when Twitter said the hackers had used their access to read private messages from 36 hacked accounts, and that phone numbers and other private information belonging to the 130 affected users may have been viewed.
Free from employee reins
Critics said the incident showed that Twitter did not have appropriate controls in place to prevent sensitive user information from falling into the hands of company insiders or people who target them. Twitter is committed to investigating how outsiders gained access to sensitive internal systems and to taking action to prevent similar attacks in the future.
Thursday’s update provided more color on how internal systems and account tools work. It said:
A successful attack required attackers to have access to both our internal network and specific employee credentials that allowed them to access our internal support tools. Not all employees initially targeted were permitted to use account management tools, but attackers used their credentials to gain access to our internal systems and gain insight into our processes. This knowledge then enabled them to target additional employees who had access to our account support tools. Using the credentials of employees with access to these tools, attackers targeted 130 Twitter accounts, eventually tweeting from 45, accessing the DM inbox of 36, and downloading Twitter data from 7.
The update says that since the attack, the company has “significantly” limited employee access to internal tools and systems while the investigation continues. The restrictions primarily affect the feature that allows users to download their Twitter data, but other services will also be temporarily restricted.
“We will be slower to respond to account support needs, Tweets, and applications reported to our development platform,” the update said. “We are sorry for the delays this causes, but we believe this is a necessary precaution as we are making lasting changes to our processes and tools following this incident. We will gradually return to our normal response times when we are satisfied that it is safe to do so. Thank you for your patience as we work on this issue.”
Thursday night’s post also said the company was accelerating unspecified, pre-existing security workflows and improvements to its tools, and prioritizing security work across various teams. Twitter is also improving its means of detecting and preventing “inappropriate” access to internal systems.