Twitter says breach due to 'spear-phishing' attack on employees

SAN FRANCISCO • Twitter, whose internal systems were breached about two weeks ago, has said the incident targeted a small number of employees through a phone "spear-phishing" attack.

The United States microblogging site said on Thursday that the hackers targeted about 130 accounts, tweeted from 45, accessed the inbox of 36, and were able to download Twitter data from seven.

Attackers also targeted specific employees who had access to account support tools, Twitter said, adding that it restricted access to its internal tools and systems since the incident occurred.

Hackers had accessed Twitter's internal systems on July 15 to hijack some of the platform's top voices, including US presidential candidate Joe Biden, reality TV star Kim Kardashian, former president Barack Obama and billionaire Elon Musk, and used them to solicit digital currency.

Publicly available blockchain records show the apparent scammers received more than US$100,000 (S$137,000) worth of cryptocurrency.

The "spear-phishing" technique is a practice of sending e-mails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.

Reuters reported last week that more than a thousand Twitter employees and contractors as of earlier this year had access to internal tools that could change user account settings and hand control to others, making it hard to defend against the hacking.

REUTERS

  • 130

    Number of accounts targeted by hackers

    36

    Number of inboxes accessed

A version of this article appeared in the print edition of The Straits Times on August 01, 2020, with the headline 'Twitter says breach due to 'spear-phishing' attack on employees'. Print Edition | Subscribe