Twitter Details Its Massive Security Hack, What Happened And Corrective Actions

Following a massive security incident earlier this week, Twitter now finds itself in the precarious position of balancing transparency with security. That is to say, Twitter has divulged some additional details about what happened and what steps it is taking in the aftermath, but it is also keeping certain information close to the vest.

The incident took place last Wednesday, when several hijacked, high-profile accounts perpetrated a Bitcoin scam. Tweets from accounts belonging to Elon Musk, Joe Biden, Barack Obama, Kanye West, Bill Gates, and other notable figures solicited Bitcoin with the promise of sending back double whatever amount they received.

It was a nonsense promise, of course, but reports claim the perpetrators may have received in the neighborhood of $120,000 worth of Bitcoin.

Not that this comes as much consolation, but this was not the result of Musk, Gates, and others using weak passwords on their accounts. Instead, Twitter says the culprits "targeted certain employees through a social engineering scheme."

"In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information," Twitter explained.

Put another way, the attackers tricked Twitter employees into handing over their login credentials by some means (phishing, malware, or another method Twitter has not specified). Those employee accounts had administrative access to Twitter's back end, and using support tools that are available only to internal personnel, the attackers targeted 130 accounts.

Of those 130 accounts, the attackers were able to reset the passwords of 45, log into them, and send tweets from them. In addition, Twitter says the attackers downloaded account summaries for up to eight of the hijacked accounts (none of which were verified accounts).

"As the investigation of this incident is unfolding, there are some details—particularly around remediation—that we are not providing right now to protect the security of the effort. We will provide more details, where possible in the future, so that the community and our peers may learn and benefit from what happened," Twitter said.

While Twitter is not going into great detail about how it is handling the situation, it did outline four steps it is taking as the weekend rolls out.
  1. Restoring access for all account owners who may still be locked out as a result of our remediation efforts.
  2. Continuing our investigation of the incident and our cooperation with law enforcement.
  3. Further securing our systems to prevent future attacks.
  4. Rolling out additional company-wide training to guard against social engineering tactics to supplement the training employees receive during onboarding and ongoing phishing exercises throughout the year.

Twitter is also aware that it is now in a position of rebuilding trust, and admitted to being both "embarrassed" and "disappointed" in the events that took place. In the meantime, for ongoing updates, you can follow the Twitter Support account.