
ID: 186677

URL: https://arstechnica.com/information-technology/2020/07/twitter-hackers-used-phone-spear-phishing-in-mass-account-takeover/

Date: 2020-07-31

Twitter hackers used “phone spear phishing” in mass account takeover

This month's epic breach targeted multiple employees, Twitter says.

The hackers behind this month's epic Twitter breach targeted a small number of employees through a phone spear phishing attack, the social media site said on Thursday night. When the pilfered employee credentials failed to give access to account support tools, the hackers targeted additional workers who had the permissions needed to access the tools.

"This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter officials wrote in a post. "This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe."

Thursday's update also disclosed that the hackers downloaded personal data from seven of the accounts, but didn't say which ones.

It took hours for Twitter to return control of the accounts to their rightful owners. In some cases, the hackers regained control of accounts even after they had been recovered, resulting in a tug of war between the intruders and company employees.

Critics said the incident showed that Twitter hasn't implemented proper controls to prevent sensitive user information from falling into the hands of company insiders or people who target them. Twitter has vowed to investigate how the outsiders gained access to sensitive internal systems and take steps to prevent similar attacks in the future.

Thursday's update provided more color about how internal systems and account tools work. It said:

"A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools.

"Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7."

The update said that since the attack, the company has significantly limited employees' access to internal tools and systems while the investigation continues. The restrictions are primarily affecting a feature that lets users download their Twitter data, but other services will also be temporarily limited.

"We will be slower to respond to account support needs, reported Tweets, and applications to our developer platform," the update said. "We're sorry for any delays this causes, but we believe it's a necessary precaution as we make durable changes to our processes and tooling as a result of this incident. We will gradually resume our normal response times when we're confident it's safe to do so. Thank you for your patience as we work through this."

Thursday night's post also said that the company is accelerating unspecified and pre-existing security workstreams and improvements to our tools and prioritizing security work across various teams. Twitter is also improving ways to detect and prevent inappropriate access to internal systems.