Attackers hacked into Twitter internal systems and took over 45 high profile Twitter accounts, to include those from celebrities, politicians and large organizations.
The incident first came to light on on Wednesday, July 15, 2020 after a flurry of high profile Twitter accounts (to include those of Barack Obama, Kanye West, Joe Biden, Elon Musk, Uber and others) tweeted out cryptocurrency scams as part of an alleged hack.
Twitter Support confirmed the irregular account activity in a Tweet on Wednesday:
“We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it.”
To add, Twitter soon afterwards took a series of steps to lock down and regain back control over the compromised Twitter accounts.
On Saturday, Twitter further provided an update on the security incident and an overview of how the incident occurred on their website.
Twitter said hackers likely targeted Twitter employees who had access to support tools via a coordinated social engineering attack.
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections,” Twitter explained in the blog post.
In addition, hackers initially targeted 130 Twitter accounts, but were able to take over 45 of those high profile accounts and send out unauthorized tweets.
Twitter also does not believe the attackers were able to gain access to personal information of “vast majority” of Twitter accounts. However, the company explained the hackers likely gained access to personal information such as email addresses and phone numbers, as part of the 130 hacked Twitter accounts.
As Motherboard reports, the hackers may have convinced a Twitter employee to help them hijack the Twitter accounts.
An investigation was also underway to determine whether a Twitter employee actually hijacked the accounts or gave the hackers full access to an administration tool.
Furthermore, underground sources provided Motherboard screenshots of the admin tool, along with account names included in the hack.