Shannon Breaks Down the Twitter Attack - ThreatWire
Added 2020-07-28 17:22:25 +0000 UTC
Last week on the show I went through an extensive report on the Twitter hack, and this week we have a few updates. First, according to Reuters, more than a thousand employees and contractors at Twitter had access to the internal admin tool that effectively gives them god mode over any account on the platform. Twitter declined to comment on the report.
This comes from two former Twitter employees who spoke to journalists anonymously. They allege that these 1,000+ people, some of them contractors with Cognizant, could access the tool and could just as easily have been phished or bought off for a similar hack. They said Twitter does log employee activity in the tool, but logging by itself does not stop anything: only alerting on that activity and actively reviewing the logs could have prevented a breach like the one two weeks ago. Since Twitter has declined to comment, we don't know whether it has put proper mitigations in place or reduced the number of employees with admin access, assuming the figure is accurate. The hack is still under investigation, but more information is coming to light.
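To make that logging-versus-alerting point concrete, here is an added example (my own illustration, not Twitter's tooling or anything from the Reuters report) of the kind of review you would run over a privileged support tool's audit log. The log format, field names, handles and thresholds are all constructed for the demo. It flags three things a plain log never surfaces on its own: sensitive actions (email change, 2FA disable, password reset) against high-value accounts, one operator touching many distinct accounts in a short window, and the classic takeover chain on a single account.

```python
"""Alerting over a privileged admin-tool audit log (constructed example).

The tab-separated format, action names, handles and thresholds below are
assumptions made for this demo, not any real internal tool's logging.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit log: timestamp, actor, action, target handle, target verified?
SAMPLE_LOG = """\
2020-07-15T20:01:10Z\talice\tview_profile\t@smallbiz\tno
2020-07-15T20:02:15Z\talice\tupdate_email\t@smallbiz\tno
2020-07-15T20:05:00Z\tmallory\tupdate_email\t@bigcorp\tyes
2020-07-15T20:05:30Z\tmallory\tdisable_2fa\t@bigcorp\tyes
2020-07-15T20:05:45Z\tmallory\tpassword_reset\t@bigcorp\tyes
2020-07-15T20:07:00Z\tmallory\tupdate_email\t@famousperson\tyes
2020-07-15T20:07:20Z\tmallory\tdisable_2fa\t@famousperson\tyes
2020-07-15T20:08:00Z\tmallory\tupdate_email\t@exchange\tyes
2020-07-15T20:08:30Z\tmallory\tdisable_2fa\t@exchange\tyes
2020-07-15T21:30:00Z\tbob\tview_profile\t@randomuser\tno
"""

# Actions that change who controls an account (assumed action names).
SENSITIVE = {"update_email", "disable_2fa", "password_reset"}
# Ordered sequence that amounts to an account takeover.
TAKEOVER_CHAIN = ("update_email", "disable_2fa", "password_reset")


def parse_log(text):
    """Parse the constructed log format into time-ordered event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, actor, action, target, verified = line.split("\t")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "actor": actor, "action": action, "target": target,
            "verified": verified == "yes",
        })
    return sorted(events, key=lambda e: e["ts"])


def detect(events, burst_threshold=3, window=timedelta(minutes=10)):
    """Return a list of (rule, who, what) alerts for the given events."""
    alerts = []

    # Rule 1: any sensitive action on a verified (high-value) account,
    # one alert per (actor, target) pair so a single takeover is not noisy.
    seen = set()
    for e in events:
        key = (e["actor"], e["target"])
        if e["action"] in SENSITIVE and e["verified"] and key not in seen:
            seen.add(key)
            alerts.append(("sensitive_on_verified", e["actor"], e["target"]))

    # Rule 2: one actor performing sensitive actions on >= burst_threshold
    # distinct accounts inside a sliding time window (one alert per actor).
    by_actor = defaultdict(list)
    for e in events:
        if e["action"] in SENSITIVE:
            by_actor[e["actor"]].append(e)
    for actor, evs in by_actor.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            targets = {x["target"] for x in evs[start:end + 1]}
            if len(targets) >= burst_threshold:
                alerts.append(("burst", actor, len(targets)))
                break

    # Rule 3: the full takeover chain, in order, on one account within window.
    by_target = defaultdict(list)
    for e in events:
        by_target[e["target"]].append(e)
    for target, evs in by_target.items():
        idx, first_ts, actors = 0, None, set()
        for e in evs:  # already time-ordered
            if e["action"] == TAKEOVER_CHAIN[idx]:
                first_ts = first_ts or e["ts"]
                actors.add(e["actor"])
                idx += 1
                if idx == len(TAKEOVER_CHAIN):
                    if e["ts"] - first_ts <= window:
                        alerts.append(("takeover_chain", ",".join(sorted(actors)), target))
                    break
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

Run as-is and the three rules fire only on the constructed operator "mallory": three sensitive-on-verified alerts, one burst alert for touching three accounts in under ten minutes, and one takeover-chain alert for @bigcorp, while the routine activity from "alice" and "bob" stays quiet. The point is the same one the former employees make: an append-only log of these events already existed in principle; what stops the attack is a rule that pages someone while the chain is still in progress, ideally backed by a requirement that sensitive actions on high-value accounts get a second approver.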
For example, Twitter posted an update on the 22nd saying that up to 36 of the 130 targeted accounts had their DM inbox exposed, including one elected official in the Netherlands. Twitter also said it has no indication that any other former or current elected official had their DMs accessed, a point it likely addressed because political figures such as Joe Biden were among the targets. Twitter noted it is in direct contact with these individuals and will share additional updates. In its ongoing blog post, Twitter also noted that the attackers could view phone numbers and email addresses.
Lastly, in a report from Motherboard, cryptocurrency exchange Kucoin confirmed it was a victim of the hack and shared the email it received from Twitter. The email alerted the account owner to the hack, saying the unauthorized Tweets were not deleted but hidden. Notably, the email also stated that if 2FA was originally enabled on the account, it was disabled when the account was locked and would need to be re-enabled manually. If you own one of the affected accounts, check that 2FA is actually back on rather than assuming it survived the lockout.
So to recap: 130 accounts were targeted, 45 were used in the bitcoin scam, 36 had their DMs viewed by the attackers (and potentially screenshotted or saved), and 8 had their "Your Twitter Data" archive downloaded by the attackers; none of those 8 were verified accounts.
Twitter:
https://www.reuters.com/article/us-twitter-cyber-access-exclusive/exclusive-more-than-1000-people-at-twitter-had-ability-to-aid-hack-of-accounts-idUSKCN24O34E?utm_source=reddit.com
https://twitter.com/TwitterSupport/status/1286088135525318656
https://www.vice.com/en_us/article/xg84ja/twitter-hack-email-to-accounts-that-were-hacked