Hackers Successfully Downloaded Private Data From 8 Twitter Accounts
Twitter Employees Were Manipulated To Gain Access to Internal Tools
In the recent coordinated attack on Twitter, multiple high-profile verified accounts were hacked, and the attackers were able to obtain private account data from eight Twitter accounts. According to the company, the hackers pulled this off by using specific tools and internal systems that are available only to working employees who were present inside the building at the time of the attack.
Twitter accounts hacked
During the breach of the social networking platform, the hackers were able to illegally obtain sensitive information on Kanye West, Barack Obama, Bill Gates, and Elon Musk, along with multiple other high-profile celebrities. The hackers posted the same tweet on all of the accounts, asking for money to be sent in the form of Bitcoin, a cryptocurrency that is commonly used nowadays.
Twitter has confirmed that the perpetrators were able to download private account data from eight accounts on the social networking site while illegally accessing the accounts on Wednesday, before they were shut down. Twitter has declined to provide the names of the account holders whose information was illegally obtained, while assuring that none of them was a verified account. Having a verified account on Twitter means that a blue tick mark is placed right beside the name of the account, indicating that this specific account and its user have been verified by Twitter.
The employees whose credentials were used to orchestrate the attack were targeted through a social engineering scheme: they were intentionally manipulated into performing compromising actions and divulging classified information. As a result, a small portion of the Twitter staff was successfully and easily manipulated.
Once the hackers were inside the user accounts, they were not able to see the existing password for the account but had complete access to all private account data, including phone numbers, email addresses, and previous passwords. The hackers were also able to see all direct messages sent and received by the person.
Sensitive data downloaded by hackers
The hackers who downloaded private account data from eight users were able to do so easily and quickly by using a tool within the Twitter account that allows the user to download all of the account's information with a single click. The private account data the hackers took includes:
- Direct private messages, including videos and photos
- Phone contacts that the Twitter app imports from the smartphone contact list
- Location history: places and IP addresses where the account was logged in
- Accounts that have been blocked or muted by the user
- Demographic information and interests that Twitter had inferred while the user was using the social networking site
It has also been suggested that the hackers were able to access the private account data after they gained access to credentials that were shared on Slack, the messaging service that Twitter uses internally and that companies commonly use instead of email.
Twitter issued a statement in which it verified that the hackers had targeted 130 accounts, out of which they were able to gain access to 45. It is believed that after using the accounts to access private account data, the hackers later tried to sell the accounts online. The attackers were able to successfully manipulate a few employees working inside the Twitter headquarters and used those credentials to gain limited-time access to Twitter's internal mainframe and its classified information. To prevent any further attack on the social media giant, Twitter is using the help of law enforcement agencies and the cybersecurity division to upgrade its security protocols.