Twitter vows to add more security training and measures as the fallout from Wednesday’s wide-scale hack on the social platform continues.
Twitter said in a statement that it is continuing its investigation into the hack while it looks to provide more company-wide security training against social engineering tactics. This will be in addition to the cybersecurity coaching employees get during onboarding and ongoing phishing exercises.
About 130 accounts were compromised on Wednesday when hackers took over prominent Twitter accounts in a Bitcoin hoax. Those compromised included Elon Musk, Kanye West, Bill Gates, former vice president and current presidential candidate Joe Biden, as well as several crypto firms like Binance, Coinbase, BitFinex and Gemini.
“We’re acutely aware of our responsibilities to the people who use our service and to society more generally. We’re embarrassed, we’re disappointed, and more than anything, we’re sorry,” Twitter said. “We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice. We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.”
Twitter said the hackers were able to view personal information like email addresses and phone numbers, although the social media platform noted that previous account passwords were not accessed. Additional information from accounts taken over by the hackers may have been viewed as well.
A Social Engineering Scheme
The attackers targeted employees, Twitter said, using schemes that intentionally manipulated them into performing certain actions and divulging confidential information. Hackers used Twitter employees’ credentials to access internal systems, which is why even accounts with two-factor protections were compromised. This affected only 130 accounts, but hackers changed the passwords of 45 of those accounts. Some usernames may have been sold.
A report from The New York Times said the hackers were a group of young people who had planned the attack in a Discord server.
Forensic investigation into the hack continues, Twitter said, and the company is fully cooperating with law enforcement. Cointelegraph reported Twitter had been looking for senior security engineers before the breach.
The great hack has been deemed a wake-up call for centralized platforms. Some users even found hidden messages in some transactions. These transactions lead to wallets associated with Coinbase and BitPay.