Twitter hacked account. Details about what really happened

[suzanne5223]

Twitter support released a statement today about how the hacker was able to manipulate over 100 twitter accounts. Source

At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information.

The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.

For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.

[CODE200]

This has been the very news since yesterday, been seeing a lot of posts about it and upon reading I don't really believe that those attacks were just too miraculous to happen. We have seen an attacks from twitter accounts but none of those were belong to the verified and popular personalities including Joe Biden, which is a pro-bitcoiner I must say which also makes him as a target. This is what @theymos also sees as a reason, this includes the twitter support so they can get through the 2FA protections, very clever indeed.

[Quidat]

Twitter support released a statement today about how the hacker was able to manipulate over 100 twitter accounts. Source

It doesnt matter on whats the actual reason on said breach or twitter account hacks.Its just that their employees are just too dumb or they do suck when it comes to security.
Neither one of those reasons, surely Twitter does really have that kind of negative impression by its users but at least they are trying to solve out everything but i dont fully
100% trusting up on the words that they've been telling on public.We wont know if whats the actual reason if its totally social engineering attack or whatsoever.

[Baofeng]

Also goes to show that Twitter has some kind of backdoor panel that can really access any accounts regardless if you have 2FA. And maybe the hackers have somewhat other plans besides using bitcoin, to look for data because the hacks not just involved crypto personalities, but those people political people and rich and billionaires. And that is why the FBI is stepping into the picture to investigate this further.

[Wexnident]

What's it called, Social Engineering? Heard it about in a hacking movie in the past where the guy was basically able to manipulate employees into allowing him to do stuff that looks fine, but really isn't. Got the name from the movie Who Am I.

Anw, considering how the hacks went, it was understandable how there were inside works, and if there weren't it'd actually make these hackers quite insane imo. I can't really blame the staff if they got tricked into doing something they didn't even know was wrong. It's not that they were ignorant but rather the actions done by the hackers didn't seem like it'd actually affect their system, that is, in their eyes. It is kind of odd though, how they're internal staff were the ones that got tricked. That, or they're pretty much hiding some info to avoid their system from being doubted. The Social Engineering trick did happen, but who knows if they really got in through internal staff though.

[cryptomaniac_xxx]

Anw, considering how the hacks went, it was understandable how there were inside works, and if there weren't it'd actually make these hackers quite insane imo. I can't really blame the staff if they got tricked into doing something they didn't even know was wrong. It's not that they were ignorant but rather the actions done by the hackers didn't seem like it'd actually affect their system, that is, in their eyes. It is kind of odd though, how they're internal staff were the ones that got tricked. That, or they're pretty much hiding some info to avoid their system from being doubted. The Social Engineering trick did happen, but who knows if they really got in through internal staff though.

I worked before as I technical support staff, so we have access to the system, so we all know that the first lesson is not to engage to anyone from outside, otherwise its a recipe for a disaster, which eventually happen. You will always treat in like outside threat, and now that it seems Twitter has been exposed already. Maybe they just used this "Social Engineering" term, but it has more to it, I guess.

[joniboini]

Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there?

I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere".

[NavI_027]

At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information.

Social engineering? Do you also mean it includes hypnotism? Correct me if I'm wrong my fellow Filipinos, I think we had a local version for it which is called "Budol budol" . Where the fraudsters will suddenly approach you out of nowhere and then talk with you a lot until you let your guard down and will not notice that you are already complying with their demands. 

But I still do not believe on this thing because all of us got their own free will. If you really do not want to spill the confidential data then you won't do it at all. So maybe there's an extortion happened or the worst is an inside job.

[sheenshane]

I worked before as I technical support staff, so we have access to the system, so we all know that the first lesson is not to engage to anyone from outside, otherwise its a recipe for a disaster, which eventually happen. You will always treat in like outside threat, and now that it seems Twitter has been exposed already. Maybe they just used this "Social Engineering" term, but it has more to it, I guess.

So you meant that there's a possibility that hacked happened was might an inside job? Or maybe I have an assumption that the hacker was also ex-technical support staff. Because hackers know what is the weakness of the system, through by this hackers was able to manipulate the system and compromised those high-profiled accounts. And here is the thing that comes up in my mind, why it took so long time before they froze those hacked accounts or even delete the hack attempt tweet? Hmmm.

Speaking of high profile accounts, I wonder why President Donald Trump didn't hack his account. Probably because hackers know that he isn't Bitcoin's friendly.

I noticed that the Twitter company didn't state how they will improve their security system.

[Tipstar]

So, they are basically saying twitter employee has the access to email, password and 2FA of users. This is an absurd negligence from the twitter team and they should be held responsible for any loss occurred. Social engineer would get access to peoples personal things not that of it's employees. There's more than social engineering involved.

[tsaroz]

I worked before as I technical support staff, so we have access to the system, so we all know that the first lesson is not to engage to anyone from outside, otherwise its a recipe for a disaster, which eventually happen. You will always treat in like outside threat, and now that it seems Twitter has been exposed already. Maybe they just used this "Social Engineering" term, but it has more to it, I guess.

So you meant that there's a possibility that hacked happened was might an inside job? Or maybe I have an assumption that the hacker was also ex-technical support staff. Because hackers know what is the weakness of the system, through by this hackers was able to manipulate the system and compromised those high-profiled accounts. And here is the thing that comes up in my mind, why it took so long time before they froze those hacked accounts or even delete the hack attempt tweet? Hmmm.

Speaking of high profile accounts, I wonder why President Donald Trump didn't hack his account. Probably because hackers know that he isn't Bitcoin's friendly.

I noticed that the Twitter company didn't state how they will improve their security system.

The hackers could access any accounts but they didn't even bother going into Trumps and they knew no one is believing him anyway. People would rather listen to Kayne West on twitter than to trump.

[mk4]

Social engineering? Do you also mean it includes hypnotism? Correct me if I'm wrong my fellow Filipinos, I think we had a local version for it which is called "Budol budol" . Where the fraudsters will suddenly approach you out of nowhere and then talk with you a lot until you let your guard down and will not notice that you are already complying with their demands. 

Here's the correction you're looking for. Looks like you need to do some research concerning social engineering; and no. Social engineering doesn't necessarily mean it includes hypnotism.

https://terranovasecurity.com/examples-of-social-engineering-attacks/

[btc78]

At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information.

The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.

For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.

Even how they explain their part still there is a bridge in their security and hacking still happens,What do they want from people to understand the ability of hacker?if there is someone to blame this is them and no one else.

Now their popularity and trust from user has been compromise because of this situation.

So, they are basically saying twitter employee has the access to email, password and 2FA of users. This is an absurd negligence from the twitter team and they should be held responsible for any loss occurred. Social engineer would get access to peoples personal things not that of it's employees. There's more than social engineering involved.

and that is my concern as well,now they are proving that twitter users has no privacy at all.

[davis196]

Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there?

I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere".

Twitter employees have the tools to delete tweets that violate Twitter's Terms of Service and also suspend and ban accounts that violate the rules set by Twitter.There's nothing wrong with that.The big problem is that Twitter employees can access Twitter accounts and change the account settings.
This should be changed ASAP.
Like I've written here before-I'm done with social media websites and I will never create a new social media account.
If you ever plan to register on a social media platform,using fake info is the best move.
I don't believe that twitter employees might start selling accounts.It would be really easy to track such activity.

[noormcs5]

Twitter support released a statement today about how the hacker was able to manipulate over 100 twitter accounts. Source

These statements won't help twitter any good. There system is compromised and it is a big question mark on their security. Twitter contains the data of millions of people and such breaches cannot be tolerated. They need to spend more money to secure their systems from the hackers.

[naomi-the-cat]

Looks like thier employees have too much power on the platform

[kryptqnick]

Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there?

I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere".

Yeah, I am also concerned with that. It's interesting how Twitter seems to focus on hackers in this story, but doesn't say it's also their fault and that they clearly store some data they aren't supposed to be storing. The passwords weren't accessed, it seems, so a version that it's related to passwords being briefly stored in plain text (there were stories about that with Twitter before) doesn't seem to be getting confirmed. But if via accounts of the employees it's possible to manipulate 2FA and reset passwords, they clearly have more access than they're supposed to have.

[Jating]

Looks like thier employees have too much power on the platform

And that is centralisation for you, maybe they have this tools at their disposal and maybe not all staff have the level. But the one that the hackers was able to social engineer might have access to the control panel that monitors everything including access to all accounts that's why it is very easy for the hackers to use it and make the tweet without raising any alarms for the owners themselves. So this hacks also exposes Twitter security that a backdoor is a possibility that exposes the password in plaintext.

[coolcoinz]

Looks like thier employees have too much power on the platform

Who would have the power in the company if not the employees? We do not know which access level was responsible for the leak. Don't forget that managers and group leaders are also employees. If they had no access to sensitive data they wouldn't be able to deal with support cases, user verification, account management and all that.

[pawanjain]

That's really a shame for twitter since the hackers were successful social engineering the twitter employees.
Being such a well established social media platform twitter should have had higher security on this one.
This shows how you are not so safe on the internet and why we should all educate ourself to be self secured online.