Twitter said late Wednesday that hackers used social-engineering to access internal company tools and exploit a number of high-profile accounts earlier in the day. CEO Jack Dorsey also tweeted a public apology for the chaos this has caused.
A number of prominent Democrats, including Presidential hopeful Joe Biden, and former President Barack Obama were targeted, as were Bill Gates, Elon Musk, Kanye West, New York City Mayor Mike Bloomberg, and the corporate accounts of Silicon Valley giants Apple and Uber.
In a statement, Twitter said that it had "detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it."
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
Twitter said that it first became aware of the incident late afternoon Pacific time. It moved to remove the tweets and disable the affected accounts. Likewise, as a precautionary measure, it also temporarily disabled the ability for verified twitter accounts—with a blue checkmark—to tweet.
"This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do," Twitter wrote.
The company said it is now looking into any other “malicious activity” the attackers may have conducted. Speculation online from security experts said that if attackers were able to compromise accounts in such a form, they might have access to the direct messages those accounts had received.
What is social engineering?
In the context of cybersecurity, “social engineering” is the act of tricking employees, rather than hacking, to gain access to buildings, systems or data. Often it involves impersonating another person, or a senior-level individual at a company.
In the crypto community, a popular social engineering attack is SIM swapping. In this case the attacker impersonates the target and asks a customer service representative at a telecom for a new SIM card, allowing the attacker to receive second-factor authentication texts sent to the target’s phone number.
Was the Twitter hack an inside job?
The social engineering account is seemingly at odds with other accounts of how the hack was executed. According to a report from Motherboard, which cited sources supposedly involved in the attack, a Twitter insider was paid to compromise the social platform. "We used a rep that literally done all the work for us," Motherboard quoted a source as saying.
Motherboard showed screenshots from the purported hackers that supposedly show the “God mode” tool used to provide root access. The screenshots depict numerous high-profile Twitter accounts being manipulated, including that of Binance.
Hours after news of the attack broke, Republican Senator Josh Hawley wrote to Twitter and Dorsey imploring them to cooperate with federal officials in investigating the attack.
"I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself," Hawley wrote to the company. "As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service," he wrote. "A successful attack on your system's servers represents a threat to all of your users' privacy and data security.
Twitter has a history of bad actors inside the company. Last year, the Department of Justice charged two former Twitter employees with spying on Saudi dissidents.
Ahmad Abouammo and Ali Alzabarah are alleged to have used their system access to collect phone numbers and IP addresses of Saudi dissidents and pass them back onto law enforcement within the country. Court documents filed state that the process of collecting this sensitive information was “trivial” for the two employees, showing the susceptibility of social media companies to insider attacks.
Twitter said that all verified accounts were able to resume tweeting, but password reset functions were locked down until further notice.
This story was produced in collaboration with our friends at Forkast, a content platform focused on emerging technology at the intersection of business, economy, and politics, from Asia to the world.