The hackers behind this month's epic Twitter breach attacked a small number of employees through a "phone spear phishing attack," the social media site said Thursday evening. When the stolen employee credentials did not provide access to account support tools, the hackers targeted additional employees who had the permissions needed to access those tools.
"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter officials wrote in a post. "This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously, and everyone at Twitter is committed to keeping your information safe."
Thursday's update also revealed that the hackers had downloaded personal information from seven of the accounts, but did not say which ones.
The post was the latest update in the investigation of the July 15 hack, which hijacked the accounts of some of the world's most famous celebrities, politicians, and leaders and tweeted links to a Bitcoin scam. A small selection of the affected account holders included Vice President Joe Biden, philanthropist and Microsoft founder and former CEO and chairman Bill Gates, Tesla founder Elon Musk, and pop star Kanye West.
It took Twitter hours to return control of the accounts to their rightful owners. In some cases, the hackers regained control of accounts even after they had been recovered, producing a tug of war between the intruders and the company's employees.
Hours after the breach was contained, Twitter said the incident was the result of losing control of its internal management systems to hackers who had either paid, tricked, or coerced one or more of the company's employees. Since then, the company has provided updates on a regular basis. The previous one came last week, when Twitter said the hackers had used their access to read the private messages of 36 hijacked accounts and that phone numbers and other private details may have been exposed for the 130 affected users.
Loose reins on employees
Critics said the incident showed that Twitter had not implemented adequate controls to prevent sensitive user information from falling into the hands of insiders or of outsiders who target them. Twitter has vowed to investigate how outsiders gained access to sensitive internal systems and to take steps to prevent similar attacks in the future.
Thursday's update provided more detail on how the internal systems and account tools work. It said:
For the attack to succeed, the attackers had to obtain access to both our internal network and specific employee credentials that gave them access to our internal support tools. Not all of the employees who were initially targeted had permission to use account management tools, but the attackers used their credentials to access our internal systems and gather information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter data of 7.
According to the update, the company has "significantly" restricted employee access to internal tools and systems since the attack while the investigation continues. The restrictions mainly affect a function that allows users to download their Twitter data, but other services are also temporarily restricted.
"We will be slower to respond to account support requests, reported tweets, and applications for our developer platform," the update said. "We apologize for the delays this causes, but we believe this is a necessary precaution as we make permanent changes to our processes and tools as a result of this incident. We will gradually resume our normal response times once we are confident it is safe to do so. Thank you for your patience as we work through this."
The Thursday evening release also states that the company is accelerating unspecified "existing security workstreams and improvements to our tools" and prioritizing security work across teams. Twitter is also improving its ability to detect and prevent "inappropriate" access to internal systems.