Twitter on Thursday revealed that several employees were targeted with phone spear-phishing in a social engineering attack leading to the recent security incident.
A total of 130 accounts were targeted in the incident, with hackers abusing internal Twitter systems and tools to reset the passwords for 45 of them. The attackers also accessed the DM inbox of 36 accounts and downloaded the Twitter data of 7.
Supposedly the work of young hackers looking to compromise high-profile, OG accounts, the incident resulted in the inbox of an elected Dutch official being accessed as well.
On Thursday, Twitter confirmed that the hackers targeted several of its employees to gain access to internal systems and gather information on which employees might have access to the tools needed to reset passwords and take over accounts.
“Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools,” the social media platform revealed.
Twitter also underlines that its support teams use proprietary tools to resolve issues that users report, to review content, and respond to reports.
“Access to these tools is strictly limited and is only granted for valid business reasons. We have zero tolerance for misuse of credentials or tools, actively monitor for misuse, regularly audit permissions, and take immediate action if anyone accesses account information without a valid business reason,” the company says.
Following the attack, the social platform is looking at means to improve its tools and controls, especially considering the concentrated effort that attackers showed in targeting specific employees.
Twitter also notes that it has already contacted the impacted account owners and worked with them to restore access after initially locking them out to contain the security incident. The company also engaged with law enforcement to investigate the attack.
“Since the attack, we’ve significantly limited access to our internal tools and systems to ensure ongoing account security while we complete our investigation. As a result, some features (namely, accessing the Your Twitter Data download feature) and processes have been impacted. We will be slower to respond to account support needs, reported Tweets, and applications to our developer platform,” the company says.
Twitter also notes that it plans on intensifying employee training and to accelerate improvements to its tools to ensure better security and more efficient detection and prevention of inappropriate access to accounts.
Related: Twitter Says Hackers Accessed DM Inboxes in Recent Attack
Related: Twitter Says Hackers Accessed Dutch Politician’s Inbox
Related: Hackers Accessed, Downloaded Twitter User Data in Recent Attack