Twitter just became the latest victim of a huge security breach which has now left their internal team crippled.
On Wednesday, a malicious threat actor by accessing Twitter’s ‘admin’ tool on the company’s network went on to hijack several high-profile Twitter accounts including Bill Gates, Jeff Bezos, Elon Musk and Democratic presidential hopeful Joe Biden. After doing so, the hacker spread a cryptocurrency scam via their accounts.
Now, when the news broke out of the same, Twitter was reached out to for a comment however they didn’t respond immediately. Later, the company confirmed in a series of tweets that the hijacking was the result of a well planned ‘social engineering’ attack which targeted some of their employees having access to internal systems and tools.
Possible Insider Involvement?
Today, Motherboard, a Vice wing which investigates technology and security related issues, has revealed that they have obtained some leaked screenshots and gotten in touch with four sources who were responsible for taking over the Twitter accounts. They have confirmed that it was a Twitter insider who was responsible for all the damages and mayhem that was caused yesterday.
After being granted complete anonymity, one of the sources who came forward to speak about the security breach claimed that they used a representative who executed all the work for them while another source added that they paid the Twitter insider. They also provided Motherboard with screenshots of the user tool or the Twitter’s internal panel and said that the same was utilised for changing the ownership of the some Twitter handles which consisted of only one or two characters as well as for tweeting the cryptocurrency scams from the high profile accounts.
In hopes of doing as much damage control as they can, currently, the microblogging social media platform is busy deleting the screenshots of the employee panel from its platform and is suspending the users who have tweeted them on the grounds of violating its privacy rules.
Here it needs to be noted that the Twitter panel is a stark example of the issue of insider data access that plagues almost all tech companies, big and small. While in this case, the access enabled hackers to take over some of the biggest accounts on Twitter and tweet bitcoin-related scams in an effort to generate income, in other cases, hackers have been known to bribe workers to leverage these tools over individual users.
Shortly after a huge spike in takeovers was noticed by Twitter, the company proceeded to tweet that users may find themselves being unable to reset their passwords or tweet for a while until the company addresses the issue.
Also, U.S Republican Senator Josh Hawley, within an hour of the breach, wrote to the CEO of Twitter Jack Dorsey and asked him for more information about the breach which includes how the hack was executed, how many users were compromised, and so on.
Hawley said, to reach out to the Department of Justice and the Federal Bureau of Investigation immediately and take all necessary steps and measures to secure the site before the breach expands further.
This isn’t the first time Twitter came under the heat because of their employees sabotaging the security of the platform. In 2017, a Twitter employee was able to briefly delete President Donald Trump’s account before it was quickly revived. In another similar incident in 2019, two Twitter employees were caught by the U.S. Justice Department abusing their access to spy on users for the Saudi regime.
Now, it remains to be seen how the company plans to mitigate these issues and what security measures will they be implementing in order to prevent this type of incident from repeating itself in the future. We will keep you updated on all future developments. Until then stay tuned.
