Twitter has provided another update in its investigation into its Wednesday security incident when a group of hackers breached its backend and tweeted a cryptocurrency scam on behalf of high-profile and verified accounts.
The incident[1] became of note because hackers compromised accounts for public figures such as Barrack Obama, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber, Kanye West, Kim Kardashian, Michael Bloomberg, and many others.
In light of the highly publicized incident and with all the world's eyes on its response, Twitter has been providing updates on a daily basis since the hack, as security teams sift through the logs in search of what happened and who was behind the intrusion.
These updates have now become quite bulky and convoluted, and as a result, we'll list them below and continue to update this article as Twitter releases new evidence.
- The incident took place on Wednesday, July 15, 2020.
- Twitter said hackers used social-engineering to gain access to Twitter employee accounts.
- A New York Times report that has yet to be confirmed by Twitter said that hackers breached employee Slack accounts and found credentials for the Twitter backend pinned inside a Slack channel.
- Twitter said hackers got "through" their two-factor protections but did not specify if it referred to the backend accounts or the Slack accounts.
- Once hackers accessed the Twitter backend, they Twitter's own internal tech support tools to interact with accounts.
- Hackers interacted with 130 accounts, according to Twitter.
- For 45 accounts, hackers initiated a password reset, logged into the account, and sent new tweets to promote their cryptocurrency scam.
- Twitter said it believes hackers also tried to sell access to some hijacked Twitter accounts, due to highly-coveted usernames.
- For eight accounts, hackers downloaded account data through the "Your Twitter Data" feature.
- Twitter didn't