Planned Social Engineering Attack on Employee Admin Panel Leads To Biggest Twitter Hack


Surprisingly, this attack, which could be the most massive hack ever launched against Twitter, was successful because individual employees had a high level of access to information and control on the platform.

A help center for the social media platform confirmed that the coordinated social engineering attack had been conducted on the Twitter admin panel to get access to the internal systems and tools. “We know that they used this access to take down many highly visible accounts, including verified accounts of celebrities, politicians, and other high-profile individuals,” Twitter Support said.

“We are looking into any other malicious activity they may have conducted or information they may have accessed, and we’ll share more here as we have it.” The account also reported that the platform has taken several measures, such as limiting access to internal systems and tools while the breach is investigated.

The hackers were also responsible for tweets in which they used the names of celebrities such as Barack Obama and Joe Biden to promote a fake Bitcoin raffle that has so far defrauded 300 users of $118,000.

The Initial Setup Plan

The individual employee admin center targeted in the hack had a wide range of tools to control the affected accounts, including posting and accessing its panels on an account’s behalf, as well as changing its verification phone number and email address. Twitter user sniko posted a screenshot indicating that the fraudsters had altered the email address on both the Coinbase and Gemini accounts, which were the same at the time of the attack.


In the wake of the attack, Twitter took down all of the users who posted screenshots of admin panels, as they violated the rules, Vice Motherboard reported. The pictures, which showed access to multiple Twitter accounts, revealed internal admin details, including the account’s name, which logged in to hit it, when it was last accessed, the phone number tied to the reports, and the email address used for verification.

“This sounds bad that Twitter developers can log in to their accounts and read their stuff,” said Twitter user 1uc45mh. As for the one who freaks out, no one can tweet anything to anyone’s account, and if they freak out, they can tweet it to their account.

In the meantime, the stock market reacted in a very different way, as it was closed for trading shortly after the hack was discovered. Twitter’s stock (TWTR) fell from $35 to $60 in just a few hours, according to the New York Times, a drop of more than 40% in less than an hour. At the time of writing, the platform’s stock was at $34.52, down 2.5% from its all-time high of $35.70 on June 14.
