What to Know about the High-Profile Twitter Attack

What do you need to know about the high-profile Twitter attack? 

Twitter, the global social media platform, suffered one of the most widespread and devastating attacks in its history. Unfortunately, the full extent of the attack is still under investigation. However, we do know enough to explore what happened and discuss potential ways to protect your own business.

The high-profile Twitter attack targeted some of the most famous users on the platform, including Barack Obama, Joe Biden, Elon Musk, Michael Bloomberg, and Kim Kardashian. Some businesses, such as Apple, also suffered in the attack. Compromised accounts began promoting a link to a bitcoin scam, which the accounts continually reposted (often faster than they could be deleted). The attack proved effective enough that Twitter took the unprecedented step of blocking all tweets from all verified users.

Most verified users can now post again, although Twitter did state that they might re-enforce the mass ban if they believe it necessary.

How did this high-profile Twitter attack happen? The exact details remain unclear. However, it appears that Twitter HQ suffered from a coordinated social engineering attack. Additionally, it seems that a particular internal tool allowing Twitter to access and post from individual accounts fell into the wrong hands. In fact, photos of said tool appeared on multiple Twitter accounts, with Twitter deleting the photos and sometimes deleting accounts that reposted them. 

The attack raises multiple questions. One concerns privacy: why does Twitter have the power to post from any verified user’s account? How does the company use this power? Does it tie into data collection, and if so, how?

Another concerns social engineering attacks and authentication at the corporate level. Hackers should not have had such an easy time conducting their attack; most experts consider it lucky that the hackers lacked the imagination to do substantial damage through their malicious access. Twitter should have implemented multiple authentication factors for this kind of privilege. 

We turn to the experts to learn more.       

What Experts Say About the High-Profile Twitter Attack

Logan Kipp

Logan Kipp is the Director at website cybersecurity firm SiteLock.

“With any compromise, the targeted business jeopardizes losing user trust. The recent Twitter compromise is a prime example of how proactive employee training can be one of the best defenses from malicious actors. Cybercriminals were able to access the high-profile accounts by tricking employees via a “coordinated social engineering attack” into giving up their credentials. Twitter, and any business with troves of data, passwords, etc., need to make security awareness training a top priority to better protect its people and users’ data against cyberattacks. Training staff on being an effective human firewall is more critical than it has ever been. Employees are often the first line of defense and if they don’t know how to spot common attack methods like spear phishing, smishing, and whaling, cybercriminals will be quick to take advantage.”

Ed Bishop

Ed Bishop is CTO at Tessian.

“Although this incident started with a social engineering attack, this is just the beginning. Once someone’s account has been compromised, an attacker will often launch a horizontal attack within the organization to compromise more internal accounts, until they reach the account with the permissions they need. The attacker must have either known Twitter’s systems or spent time poking around, to learn how to backdoor into people’s accounts and tweet on their behalf.” 

“Twitter’s description of the attack highlights the need to protect people within an organization at all costs. Social engineering attacks — often a spear-phishing email that impersonates a trusted party — are designed to trick or persuade an employee to visit a fraudulent website that then steals credentials or installs malware. This incident also shows the importance of limiting permissions for administrators.” 

Thanks to the experts for their time and expertise. For more, check out the Identity Management Buyer’s Guide.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.