Twitter confirms a phone spear – pushing attack behind high-profile bitcoin scam. On Thursday July 30, 2020 twitter confirmed the hacking attack that compromised several the highest profile accounts began with employees. Specifically, the attack first targeted twitter employees who did not have access to account management. Twitter confirmed that hackers were able to use their credentials to access account that did have access. Once the hackers have access to account management tools, they seize control of 136 accounts. Of the total member 45 of these accounts were high-profile accounts that were used in a bitcoin scam. Specifically, the hackers use these accounts to convince followers to donate money attached link. The link sent the money to a money account controlled by the hackers.
Nature and solution
Twitter confirms the phone spear – pushing attack that led to the breach in security exploited human weaknesses. While it did not confirm the exact nature of these weaknesses. Given the fact that pushing attack relies on the hacker posing as a trusted individual narrows down the option. The hackers gained the employees trust. Then he convinced The lungs to share their credentials or click on the link. They clicked on the link they basically open the door for the hacker, which he then waged open. Twitter also announced on Thursday it had taken action to increase it service security. The primary way that Twitter accomplish this by limiting access to account management tool.
In other words, the company has reduced the number of employees’ access to the account management tools. One of the possible reasons for this decision is to prevents twitter employees being compromise by another phone spear-pushing attack. That is, if a hacker managed to gain an employee credentials they won’t easily finds account management tools access. This security measure has a downside for Twitter several of their data tool features being effective. Additionally, because they reduce the number of employees with access to account management tool technical support will be greatly slowed.
