Yesterday, Twitter suffered a massive attack in which several high profile Twitter accounts were compromised. The attack was carried out using social engineering, Twitter has confirmed.
Affected accounts, which included Bill Gates, Elon Musk, Barack Obama, Joe Biden, and other high profile figures, began tweeting the address of a bitcoin wallet, along with the message that the person was feeling generous and that any amount sent to the address would be sent back doubled. Over $110,000 was sent to the Bitcoin address during the attack.
Shortly after these high profile accounts began tweeting, Twitter acknowledged the incident, deleted the tweets, locked down affected accounts, and launched an investigation. According to a thread of tweets from the company’s support account later that evening, attackers gained access to internal employee admin tools and systems, allowing them to take control of the accounts.
While Twitter investigated the incident, it disabled functionality for all verified accounts, not just those that were compromised, restricting them from actions such as tweeting or resetting passwords. “This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do,” the Twitter Support account tweeted following the incident.
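The article describes the observable pattern of the attack (many unrelated accounts posting the same wallet address with a “send it and I’ll double it” pitch within minutes of each other) and Twitter’s containment response (locking the affected accounts). The following is an added example, not code from the article or from Twitter, showing how a platform’s own detection logic could flag that pattern over a stream of posts and hand back the set of accounts to lock. The post stream, account handles and wallet addresses are constructed placeholders, and the 30-minute window and three-account threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Placeholder addresses constructed for this example (not real wallets).
SCAM_ADDR = "bc1qexampleaddr000000000000000000000000"
OTHER_ADDR = "bc1qunrelatedaddr00000000000000000000000"

# Constructed sample post stream: (ISO timestamp, account handle, post text).
SAMPLE_POSTS = [
    ("2020-07-15T20:00:00", "alice", f"Feeling generous! Send BTC to {SCAM_ADDR} and I'll double it"),
    ("2020-07-15T20:03:00", "bob",   f"Giving back to the community: {SCAM_ADDR}, all payments doubled"),
    ("2020-07-15T20:05:00", "carol", f"{SCAM_ADDR} send now, doubled within the hour"),
    ("2020-07-15T20:06:00", "dave",  "Great weather today, no crypto involved"),
    ("2020-07-15T20:20:00", "frank", f"Only for the next hour: {SCAM_ADDR}"),
    ("2020-07-15T09:00:00", "erin",  f"Tips welcome at {OTHER_ADDR}"),  # one account only, not a campaign
]

# Matches bech32 (bc1...) and legacy base58 (1.../3...) bitcoin address shapes.
BTC_ADDR_RE = re.compile(r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")


def extract_addresses(text):
    """Return the set of bitcoin-address-like tokens found in a post."""
    return set(BTC_ADDR_RE.findall(text))


def detect_campaigns(posts, window=timedelta(minutes=30), min_accounts=3):
    """Return {address: sorted account list} for every address that at least
    min_accounts distinct accounts posted inside some span of length `window`.

    Normal users rarely post the same payment address as several other users
    within minutes; a cluster like that is the signal the article describes.
    """
    sightings = defaultdict(list)  # address -> [(timestamp, account)]
    for ts, account, text in posts:
        for addr in extract_addresses(text):
            sightings[addr].append((datetime.fromisoformat(ts), account))

    campaigns = {}
    for addr, events in sightings.items():
        events.sort()  # chronological order, then by account
        flagged = set()
        for i, (start, _) in enumerate(events):
            # Every distinct account that posted this address in [start, start + window].
            in_window = {acct for ts, acct in events[i:] if ts - start <= window}
            if len(in_window) >= min_accounts:
                flagged |= in_window
        if flagged:
            campaigns[addr] = sorted(flagged)
    return campaigns


def accounts_to_lock(campaigns):
    """Union of all accounts that took part in any flagged campaign: the
    containment set a platform would lock and route to incident response."""
    locked = set()
    for accounts in campaigns.values():
        locked.update(accounts)
    return locked


if __name__ == "__main__":
    found = detect_campaigns(SAMPLE_POSTS)
    for addr, accounts in found.items():
        print(f"campaign address {addr}: {len(accounts)} accounts -> {accounts}")
    print("accounts to lock:", sorted(accounts_to_lock(found)))
```

The threshold is deliberately on distinct accounts rather than post count, so a single user repeating their own tip address is never flagged, while a handful of unrelated accounts converging on one address inside a short window is. In a real pipeline the lock set would feed the same kind of account lockdown the article describes, followed by a review of how the posting sessions were created.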
The attack is a strong reminder to every company of the importance of security training, Logan Kipp, director at cybersecurity firm SiteLock, explained. “The recent Twitter compromise is a prime example of how proactive employee training can be one of the best defenses from malicious actors,” he said. “Cybercriminals were able to access the high-profile accounts by tricking employees via a ‘coordinated social engineering attack’ into giving up their credentials. Twitter, and any business with troves of data, passwords, etc., needs to make security awareness training a top priority to better protect its people and users’ data against cyberattacks. Training staff on being an effective human firewall is more critical than it has ever been. Employees are often the first line of defense and if they don’t know how to spot common attack methods like spear phishing, smishing and whaling, cybercriminals will be quick to take advantage.”
Kelvin Coleman, executive director at the National Cybersecurity Alliance, agreed, adding: “Given the ‘insider’ nature of the incident, this attack speaks to a larger issue around the collective concept of people, process and technology. Although Twitter likely has a robust internal security team to monitor the platform across devices, and actively promotes the use of stronger passwords and 2FA, the human element continues to be the most unpredictable factor contributing to these types of situations. It’s hard to predict and mitigate how people will factor into potential breaches, but this should nonetheless be a learning experience for other platforms and tech companies to encourage them to review and enforce an effective incident response plan moving forward.”