Twitter revealed that it was a spear phishing campaign – a term that designates targeted attempts to deceive specific people into sharing confidential data – that led to the mega-attack on the company on July 15.
“The campaign targeted a small number of employees through a mobile spear phishing attack. This attack was based on a significant and concerted attempt to deceive certain employees and exploit human vulnerabilities to gain access to our internal systems,” wrote the American technology company in a new update, the result of its ongoing investigation into the case.
The spear phishing campaign allowed the attackers to obtain the access credentials of Twitter employees, some of whom had access to so-called user support administration tools – which in practice give complete editing and publishing access to users' profiles.
According to the latest Twitter numbers, the accounts of 130 personalities – including the profiles of Barack Obama, Elon Musk and Bill Gates, among others – were taken over by the hackers, and in 45 of these, messages were published promoting a money transfer scheme using the Bitcoin digital currency. There are also records of 36 mailboxes that were accessed during the attack and seven accounts that saw their Twitter usage data stolen.
Twitter adds that it has “significantly” limited access to the company's internal tools and systems. “Until we can safely resume normal operations, our response times for support questions and complaints will be slower. Thank you for your patience while we work on this,” added the technology company through its official support account.
The company also promises to continue to reveal new details about the mega-attack as soon as it can ascertain new information.
The identity or country of origin of the attacker(s) remains to be revealed. Twitter also did not comment on information that was published in the specialized press in the days following the attack, which pointed to authentication credentials for Twitter's internal administration tools having been posted in a channel on the Slack communication platform.