Article 56BSA Twitter hackers used “phone spear phishing” in mass account takeover

Twitter hackers used “phone spear phishing” in mass account takeover

by
Dan Goodin
from Ars Technica - All content on (#56BSA)
twitter-icon-800x534.jpg

Enlarge (credit: Tom Raftery)

The hackers behind this month's epic Twitter breach targeted a small number of employees through a phone spear phishing attack," the social media site said on Thursday night. When the pilfered employee credentials failed to give access to account support tools, the hackers targeted additional workers who had the permissions needed to access the tools.

This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems," Twitter officials wrote in a post. This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe."

Thursday's update also disclosed that the hackers downloaded personal data from seven of the accounts, but didn't say which ones.

Read 8 remaining paragraphs | Comments

index?i=j5MZpYcvYzM:JTK350JD_V0:V_sGLiPB index?i=j5MZpYcvYzM:JTK350JD_V0:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments