|
Title: Twitter hacked account. Details about what really happened Post by: suzanne5223 on July 18, 2020, 08:09:06 PM Twitter support released a statement today about how the hacker was able to manipulate over 100 twitter accounts. Source (https://twitter.com/TwitterSupport/status/1284331127654645760?s=20)
https://i.postimg.cc/wybkxBK8/Screenshot-20200718-204907.png (https://postimg.cc/wybkxBK8) Quote At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information. The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames. For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts. Title: Re: Twitter hacked account. Details about what really happened Post by: CODE200 on July 18, 2020, 08:50:07 PM This has been the very news since yesterday, been seeing a lot of posts about it and upon reading I don't really believe that those attacks were just too miraculous to happen. We have seen an attacks from twitter accounts but none of those were belong to the verified and popular personalities including Joe Biden, which is a pro-bitcoiner I must say which also makes him as a target. This is what @theymos also sees as a reason, this includes the twitter support so they can get through the 2FA protections, very clever indeed.
Title: Re: Twitter hacked account. Details about what really happened Post by: Quidat on July 18, 2020, 09:43:27 PM Twitter support released a statement today about how the hacker was able to manipulate over 100 twitter accounts. Source (https://twitter.com/TwitterSupport/status/1284331127654645760?s=20) It doesnt matter on whats the actual reason on said breach or twitter account hacks.Its just that their employees are just too dumb or they do suck when it comes to security. Neither one of those reasons, surely Twitter does really have that kind of negative impression by its users but at least they are trying to solve out everything but i dont fully 100% trusting up on the words that they've been telling on public.We wont know if whats the actual reason if its totally social engineering attack or whatsoever. Title: Re: Twitter hacked account. Details about what really happened Post by: Baofeng on July 18, 2020, 10:20:02 PM Also goes to show that Twitter has some kind of backdoor panel that can really access any accounts regardless if you have 2FA. And maybe the hackers have somewhat other plans besides using bitcoin, to look for data because the hacks not just involved crypto personalities, but those people political people and rich and billionaires. And that is why the FBI is stepping into the picture to investigate this further.
Title: Re: Twitter hacked account. Details about what really happened Post by: Wexnident on July 19, 2020, 12:58:04 AM What's it called, Social Engineering? Heard it about in a hacking movie in the past where the guy was basically able to manipulate employees into allowing him to do stuff that looks fine, but really isn't. Got the name from the movie Who Am I.
Anw, considering how the hacks went, it was understandable how there were inside works, and if there weren't it'd actually make these hackers quite insane imo. I can't really blame the staff if they got tricked into doing something they didn't even know was wrong. It's not that they were ignorant but rather the actions done by the hackers didn't seem like it'd actually affect their system, that is, in their eyes. It is kind of odd though, how they're internal staff were the ones that got tricked. That, or they're pretty much hiding some info to avoid their system from being doubted. The Social Engineering trick did happen, but who knows if they really got in through internal staff though. Title: Re: Twitter hacked account. Details about what really happened Post by: cryptomaniac_xxx on July 19, 2020, 05:35:34 AM Anw, considering how the hacks went, it was understandable how there were inside works, and if there weren't it'd actually make these hackers quite insane imo. I can't really blame the staff if they got tricked into doing something they didn't even know was wrong. It's not that they were ignorant but rather the actions done by the hackers didn't seem like it'd actually affect their system, that is, in their eyes. It is kind of odd though, how they're internal staff were the ones that got tricked. That, or they're pretty much hiding some info to avoid their system from being doubted. The Social Engineering trick did happen, but who knows if they really got in through internal staff though. I worked before as I technical support staff, so we have access to the system, so we all know that the first lesson is not to engage to anyone from outside, otherwise its a recipe for a disaster, which eventually happen. You will always treat in like outside threat, and now that it seems Twitter has been exposed already. Maybe they just used this "Social Engineering" term, but it has more to it, I guess.Title: Re: Twitter hacked account. Details about what really happened Post by: joniboini on July 19, 2020, 05:41:16 AM Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there?
I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere". Title: Re: Twitter hacked account. Details about what really happened Post by: NavI_027 on July 19, 2020, 06:04:57 AM At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information. Social engineering? Do you also mean it includes hypnotism? Correct me if I'm wrong my fellow Filipinos, I think we had a local version for it which is called "Budol budol" :D. Where the fraudsters will suddenly approach you out of nowhere and then talk with you a lot until you let your guard down and will not notice that you are already complying with their demands. But I still do not believe on this thing because all of us got their own free will. If you really do not want to spill the confidential data then you won't do it at all. So maybe there's an extortion happened or the worst is an inside job. Title: Re: Twitter hacked account. Details about what really happened Post by: sheenshane on July 19, 2020, 06:43:49 AM I worked before as I technical support staff, so we have access to the system, so we all know that the first lesson is not to engage to anyone from outside, otherwise its a recipe for a disaster, which eventually happen. You will always treat in like outside threat, and now that it seems Twitter has been exposed already. Maybe they just used this "Social Engineering" term, but it has more to it, I guess. So you meant that there's a possibility that hacked happened was might an inside job? Or maybe I have an assumption that the hacker was also ex-technical support staff. Because hackers know what is the weakness of the system, through by this hackers was able to manipulate the system and compromised those high-profiled accounts. And here is the thing that comes up in my mind, why it took so long time before they froze those hacked accounts or even delete the hack attempt tweet? Hmmm.Speaking of high profile accounts, I wonder why President Donald Trump didn't hack his account. :D Probably because hackers know that he isn't Bitcoin's friendly. I noticed that the Twitter company didn't state how they will improve their security system. Title: Re: Twitter hacked account. Details about what really happened Post by: Tipstar on July 19, 2020, 09:39:28 AM So, they are basically saying twitter employee has the access to email, password and 2FA of users. This is an absurd negligence from the twitter team and they should be held responsible for any loss occurred. Social engineer would get access to peoples personal things not that of it's employees. There's more than social engineering involved.
Title: Re: Twitter hacked account. Details about what really happened Post by: tsaroz on July 19, 2020, 09:42:32 AM I worked before as I technical support staff, so we have access to the system, so we all know that the first lesson is not to engage to anyone from outside, otherwise its a recipe for a disaster, which eventually happen. You will always treat in like outside threat, and now that it seems Twitter has been exposed already. Maybe they just used this "Social Engineering" term, but it has more to it, I guess. So you meant that there's a possibility that hacked happened was might an inside job? Or maybe I have an assumption that the hacker was also ex-technical support staff. Because hackers know what is the weakness of the system, through by this hackers was able to manipulate the system and compromised those high-profiled accounts. And here is the thing that comes up in my mind, why it took so long time before they froze those hacked accounts or even delete the hack attempt tweet? Hmmm.Speaking of high profile accounts, I wonder why President Donald Trump didn't hack his account. :D Probably because hackers know that he isn't Bitcoin's friendly. I noticed that the Twitter company didn't state how they will improve their security system. The hackers could access any accounts but they didn't even bother going into Trumps and they knew no one is believing him anyway. People would rather listen to Kayne West on twitter than to trump. Title: Re: Twitter hacked account. Details about what really happened Post by: mk4 on July 19, 2020, 09:46:04 AM Social engineering? Do you also mean it includes hypnotism? Correct me if I'm wrong my fellow Filipinos, I think we had a local version for it which is called "Budol budol" :D. Where the fraudsters will suddenly approach you out of nowhere and then talk with you a lot until you let your guard down and will not notice that you are already complying with their demands. Here's the correction you're looking for. Looks like you need to do some research concerning social engineering; and no. Social engineering doesn't necessarily mean it includes hypnotism. https://terranovasecurity.com/examples-of-social-engineering-attacks/ Title: Re: Twitter hacked account. Details about what really happened Post by: btc78 on July 19, 2020, 10:27:53 AM Quote At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information. Even how they explain their part still there is a bridge in their security and hacking still happens,What do they want from people to understand the ability of hacker?if there is someone to blame this is them and no one else.The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames. For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts. Now their popularity and trust from user has been compromise because of this situation. So, they are basically saying twitter employee has the access to email, password and 2FA of users. This is an absurd negligence from the twitter team and they should be held responsible for any loss occurred. Social engineer would get access to peoples personal things not that of it's employees. There's more than social engineering involved. and that is my concern as well,now they are proving that twitter users has no privacy at all.Title: Re: Twitter hacked account. Details about what really happened Post by: davis196 on July 19, 2020, 11:34:56 AM Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there? I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere". Twitter employees have the tools to delete tweets that violate Twitter's Terms of Service and also suspend and ban accounts that violate the rules set by Twitter.There's nothing wrong with that.The big problem is that Twitter employees can access Twitter accounts and change the account settings. This should be changed ASAP. Like I've written here before-I'm done with social media websites and I will never create a new social media account. If you ever plan to register on a social media platform,using fake info is the best move. I don't believe that twitter employees might start selling accounts.It would be really easy to track such activity. Title: Re: Twitter hacked account. Details about what really happened Post by: noormcs5 on July 19, 2020, 11:40:22 AM Twitter support released a statement today about how the hacker was able to manipulate over 100 twitter accounts. Source (https://twitter.com/TwitterSupport/status/1284331127654645760?s=20) https://i.postimg.cc/wybkxBK8/Screenshot-20200718-204907.png (https://postimg.cc/wybkxBK8) These statements won't help twitter any good. There system is compromised and it is a big question mark on their security. Twitter contains the data of millions of people and such breaches cannot be tolerated. They need to spend more money to secure their systems from the hackers. Title: Re: Twitter hacked account. Details about what really happened Post by: naomi-the-cat on July 19, 2020, 11:42:31 AM Looks like thier employees have too much power on the platform
Title: Re: Twitter hacked account. Details about what really happened Post by: kryptqnick on July 19, 2020, 11:59:12 AM Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there? Yeah, I am also concerned with that. It's interesting how Twitter seems to focus on hackers in this story, but doesn't say it's also their fault and that they clearly store some data they aren't supposed to be storing. The passwords weren't accessed, it seems, so a version that it's related to passwords being briefly stored in plain text (there were stories about that with Twitter before) doesn't seem to be getting confirmed. But if via accounts of the employees it's possible to manipulate 2FA and reset passwords, they clearly have more access than they're supposed to have.I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere". Title: Re: Twitter hacked account. Details about what really happened Post by: Jating on July 19, 2020, 01:13:00 PM Looks like thier employees have too much power on the platform And that is centralisation for you, maybe they have this tools at their disposal and maybe not all staff have the level. But the one that the hackers was able to social engineer might have access to the control panel that monitors everything including access to all accounts that's why it is very easy for the hackers to use it and make the tweet without raising any alarms for the owners themselves. So this hacks also exposes Twitter security that a backdoor is a possibility that exposes the password in plaintext. Title: Re: Twitter hacked account. Details about what really happened Post by: coolcoinz on July 19, 2020, 02:09:01 PM Looks like thier employees have too much power on the platform Who would have the power in the company if not the employees? We do not know which access level was responsible for the leak. Don't forget that managers and group leaders are also employees. If they had no access to sensitive data they wouldn't be able to deal with support cases, user verification, account management and all that. Title: Re: Twitter hacked account. Details about what really happened Post by: pawanjain on July 19, 2020, 02:28:49 PM That's really a shame for twitter since the hackers were successful social engineering the twitter employees.
Being such a well established social media platform twitter should have had higher security on this one. This shows how you are not so safe on the internet and why we should all educate ourself to be self secured online. Title: Re: Twitter hacked account. Details about what really happened Post by: Sanugarid on July 19, 2020, 02:45:15 PM So, they are basically saying twitter employee has the access to email, password and 2FA of users. This is an absurd negligence from the twitter team and they should be held responsible for any loss occurred. Social engineer would get access to peoples personal things not that of it's employees. There's more than social engineering involved. I don't think so, I guess I can see what the hackers did to be able to get into the accounts, they sent a password reset request to the twitter support then they pretend to be the owner the account then there's the duplicated emails made by the hackers to get the same verification process. The only mistake that the twitter support did was they did not fully verified the identity of the requests made by an unknown person. This is only the hole I can see with the twitter right now.Title: Re: Twitter hacked account. Details about what really happened Post by: matchi2011 on July 19, 2020, 02:51:44 PM That's really a shame for twitter since the hackers were successful social engineering the twitter employees. Shame is the precise word for the owner of twitter, having a system breach like this really hurt their business, knowingthat there are so many people who've got victimized by this hacking activities. Being such a well established social media platform twitter should have had higher security on this one. Mostly on a inside job thing, twitter have that high securities but if the hacking happen inside, we never know.This shows how you are not so safe on the internet and why we should all educate ourself to be self secured online. This hacking and even you have the right knowledge it's behind your control.Title: Re: Twitter hacked account. Details about what really happened Post by: Oasisman on July 19, 2020, 03:19:10 PM Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there? I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere". Yes yes! That depends on which department you are assigned. I have worked in a third party business outsourcing before as customer service representative and literally, before the client is able to talk his concerns to me, I already have his basic personal information already. So, how much more for those employees in the technical and programming department that's maintaining all the data inputted in a daily basis. And the scenario you have in your example is very possible to happen. The same risks with the Bitcoin that's stored in a custodial and exchange wallets. Title: Re: Twitter hacked account. Details about what really happened Post by: seoincorporation on July 19, 2020, 03:52:54 PM You can have the more secure system, but the human fact still a big vulnerability for any system, and the only way to make it secure is by founding a way to take out this human factor.
Se social engineering attacks have become popular and with time they become more complex, today we can't trust mails, phone calls or any kind of digital contact. And was nice to read an explanation from the twitter team, lot of us were curious about what really happened there. Title: Re: Twitter hacked account. Details about what really happened Post by: khaled0111 on July 19, 2020, 08:56:43 PM Employees with so much powers and privileges and easily fall for a social engineering attack! What makes things worse is that it's not a single employee who got hacked but many of them.
It makes me wonder how serious the Twitter owners/leaders when it comes to recruiting their employees. Don't they get any cybersecurity trainings?! What's frustrating is that they didn't even admit their mistake and took responsibility for it. Title: Re: Twitter hacked account. Details about what really happened Post by: MFahad on July 19, 2020, 10:26:44 PM The halving event is not much discussed in the media but after this twitter hack, everyone is talking about crypto currencies on the media. I don't say that we need such hacks to make bitcoin more popular but bitcoin knowledge and awareness has increase to a great extent after this hack.
Title: Re: Twitter hacked account. Details about what really happened Post by: MCobian on July 19, 2020, 10:52:20 PM Lots of topics in this forum about Twitter hacked accounts, because not only in this forum, even in some social media talk about this.
I was surprised, why every time there is bad news about cryptocurrency it's easier to be viral than when there is good news. In other words to increase the popularity of Bitcoin with bad news is something that is not healthy, because if this happens. Many people consider Bitcoin vulnerable to fraud, this is not good for Bitcoin adoption. We better stop talking regarding Twitter hacked accounts. Title: Re: Twitter hacked account. Details about what really happened Post by: Sadlife on July 19, 2020, 11:59:52 PM So it was human error after all, but im just curious how can a regular employee has access to their admin system ?
Because if they have dedicated servers that use unix machines that has higher security because of its file system restrictions. How did they manage to breakthrough that security ? Title: Re: Twitter hacked account. Details about what really happened Post by: suzanne5223 on July 21, 2020, 09:48:28 PM Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there? Dont know the limit but according to the message twitter admin posted in the blog I provided in the OP I'm afraid twitter have tools which will allow them to manipulate their user accounts which make twitter worse than facebook.Quote At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information. Even how they explain their part still there is a bridge in their security and hacking still happens,What do they want from people to understand the ability of hacker?The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames. For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts. Title: Re: Twitter hacked account. Details about what really happened Post by: Kelvinid on July 21, 2020, 10:19:23 PM Is this an inside job? How this twitter losing its reputation, it is most likely some of their people had work in the dark web selling known and big-name individual's account for a dark reason. It is to come out that they are the cause of all of this and I don't know how they gain back the trust of its users. Pretty hard.
This hacking sentiment implies that more it happens because of the one or two persons inside who knows more. It can't just tell about manipulation or manipulating tool but obviously, there is money involved here and it triggers them to commit such thing. I'm sorry but this is not a hacking incident, it is really an intention to let someone took the control from your account. |
