Twitter hacked account. Details about what really happened

[Sanugarid]

So, they are basically saying twitter employee has the access to email, password and 2FA of users. This is an absurd negligence from the twitter team and they should be held responsible for any loss occurred. Social engineer would get access to peoples personal things not that of it's employees. There's more than social engineering involved.

I don't think so, I guess I can see what the hackers did to be able to get into the accounts, they sent a password reset request to the twitter support then they pretend to be the owner the account then there's the duplicated emails made by the hackers to get the same verification process. The only mistake that the twitter support did was they did not fully verified the identity of the requests made by an unknown person. This is only the hole I can see with the twitter right now.

[matchi2011]

That's really a shame for twitter since the hackers were successful social engineering the twitter employees.

Shame is the precise word for the owner of twitter, having a system breach like this really hurt their business, knowing
that there are so many people who've got victimized by this hacking activities.

Being such a well established social media platform twitter should have had higher security on this one.

Mostly on a inside job thing, twitter have that high securities but if the hacking happen inside, we never know.

This shows how you are not so safe on the internet and why we should all educate ourself to be self secured online.

This hacking and even you have the right knowledge it's behind your control.

[Oasisman]

Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there?

I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere".

Yes yes! That depends on which department you are assigned.
I have worked in a third party business outsourcing before as customer service representative and literally, before the client is able to talk his concerns to me, I already have his basic personal information already. So, how much more for those employees in the technical and programming department that's maintaining all the data inputted in a daily basis.
And the scenario you have in your example is very possible to happen.

The same risks with the Bitcoin that's stored in a custodial and exchange wallets.

[seoincorporation]

You can have the more secure system, but the human fact still a big vulnerability for any system, and the only way to make it secure is by founding a way to take out this human factor.

Se social engineering attacks have become popular and with time they become more complex, today we can't trust mails, phone calls or any kind of digital contact.

And was nice to read an explanation from the twitter team, lot of us were curious about what really happened there.

[khaled0111]

Employees with so much powers and privileges and easily fall for a social engineering attack! What makes things worse is that it's not a single employee who got hacked but many of them.
It makes me wonder how serious the Twitter owners/leaders when it comes to recruiting their employees. Don't they get any cybersecurity trainings?!
What's frustrating is that they didn't even admit their mistake and took responsibility for it.

[MFahad]

The halving event is not much discussed in the media but after this twitter hack, everyone is talking about crypto currencies on the media. I don't say that we need such hacks to make bitcoin more popular but bitcoin knowledge and awareness has increase to a great extent after this hack.

[MCobian]

Lots of topics in this forum about Twitter hacked accounts, because not only in this forum, even in some social media talk about this.
I was surprised, why every time there is bad news about cryptocurrency it's easier to be viral than when there is good news. In other
words to increase the popularity of Bitcoin with bad news is something that is not healthy, because if this happens. Many people consider
Bitcoin vulnerable to fraud, this is not good for Bitcoin adoption. We better stop talking regarding Twitter hacked accounts.

[Sadlife]

So it was human error after all, but im just curious how can a regular employee has access to their admin system ?
Because if they have dedicated servers that use unix machines that has higher security because of its file system restrictions. How did they manage to breakthrough that security ?

[suzanne5223]

Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there?

Dont know the limit but according to the message twitter admin posted in the blog I provided in the OP I'm afraid twitter have tools which will allow them to manipulate their user accounts which make twitter worse than facebook.

At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information.

The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.

For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.

Even how they explain their part still there is a bridge in their security and hacking still happens,What do they want from people to understand the ability of hacker?

Do you even read to understand my message because it shows how centralized and how they can manipulate or steal peoples information if they want to.

[Kelvinid]

Is this an inside job? How this twitter losing its reputation, it is most likely some of their people had work in the dark web selling known and big-name individual's account for a dark reason. It is to come out that they are the cause of all of this and I don't know how they gain back the trust of its users. Pretty hard.  

This hacking sentiment implies that more it happens because of the one or two persons inside who knows more. It can't just tell about manipulation or manipulating tool but obviously, there is money involved here and it triggers them to commit such thing. I'm sorry but this is not a hacking incident, it is really an intention to let someone took the control from your account.