Insights
August 4, 2020

Update: Twitter Hack How It Happened

On July 15th, several Twitter accounts were hacked in an effort to scam users out of bitcoin. Unfortunately, it was successful: in the just under four hours that the tweets were live, the hackers received over $100,000 in bitcoin.

If you want to read more about the timeline of the hack on July 15th, you can read about it in our previous blog.

The hackers have since been identified and arrested as investigators found that their driver’s licenses were linked to their cryptocurrency exchange accounts. All three of the attackers, including a 17-year-old Tampa teen, are in custody.

In an update, Twitter identified how the hack occurred. The cybercriminals targeted a small number of employees through a phone spear-phishing attack. Instead of casting a wide net like more common phishing attempts, spear-phishing is a form of social engineering in which a hacker targets a specific individual or enterprise with a message tailored to the victim’s job position or contacts. This method requires more effort, time, and planning, and is typically harder to detect. In the case of the Twitter hack, the victims were targeted through their mobile phones while working from home.

After the successful phishing attack, the hackers obtained access to Twitter’s internal network and support tools. The hackers used the stolen credentials to access Twitter’s internal systems to learn about the company’s processes for accessing account-support tools. With this information, they were then able to target 130 Twitter accounts, tweeting from 45, accessing the direct messaging inbox of 36, and downloading the Twitter data of 7.

Since the attack, Twitter has significantly limited access to their internal tools and systems to ensure ongoing account security. They have increased security protocols and will continue to share updates.

It is important to note that the attack was targeted specifically at individuals. Studies show that employees are the number one vulnerability in any organization’s cybersecurity defense.

In addition to having the proper technology protocols in place, every organization needs to invest in proper cybersecurity training. Training your employees to properly identify a phishing attempt can be the number one tool to protect your business.

© Blue Star 2023