Twitter hackers accessed app's systems by targeting employees, tech giant confirms

16 July 2020, 04:09

Twitter posted an update about the hack in the early hours of Thursday morning
Twitter posted an update about the hack in the early hours of Thursday morning. Picture: PA
Nick Hardinges

By Nick Hardinges

Twitter hackers accessed the app's internal platforms by targeting its employees, the social media giant has confirmed.

A number of high-profile Twitter users had their accounts targeted on Wednesday evening as part of a cryptocurrency-based hack.

World figures such as former US President Barack Obama, billionaire Bill Gates, and rapper Kanye West all saw their profiles taken over by scammers who were requesting donations of the cryptocurrency Bitcoin.

To combat the hack, Twitter stopped all verified 'blue-tick' accounts from posting anything as it investigated the issue.

Founder Jack Dorsey said: "We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened."

In a follow-up statement, posted in the early hours of Thursday morning, the social media giant confirmed it is continuing its investigation but updated users on what it believed had happened during the hack.

It claimed the hackers targeted the firm's employees who have access to the app's internal systems and tools, while the company is exploring whether any other malicious activity took place.

Read more: Covid-19 vaccine - more 'positive news expected' ahead of Oxford trial data publication

Read more: UK coronavirus death toll passes 45,000 mark as 85 more people die

The tech giant's full statement read: "Our investigation is still ongoing but here’s what we know so far.

"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.

"We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

"Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.

"We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.

"This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.

"We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.

"Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues."

The events of Wednesday evening are not the first time that people's Twitter accounts have been taken over.

In 2018, accounts belonging to celebrities including Louis Theroux, Eamonn Holmes and Saira Khan were hacked to expose a security flaw on the social network.

A message reading "This account has been temporarily hijacked by INSINIA SECURITY" appeared on several pages, in an effort to highlight an apparent vulnerability in the way Twitter uses text messages to secure accounts.

The security firm said the users had not lost access to their account and that none of their data was compromised during the exercise.

"We understood the way that Twitter handles incoming texts from your number," researchers said in a blog post.

"If we can text from what appears to be your number then we can interact with, and fully control, your Twitter account."

In tricking Twitter's verification system, they were able to fully use the target's account, the company claimed, meaning they could send tweets, direct messages, retweet and like tweets, as well as follow and unfollow people.