“Protecting people’s privacy and security is a top priority for Twitter, and it is not a responsibility we take lightly,” the statement said. “We have been continuously investing in improvements to our teams and our technology that enable people to use Twitter securely. This work is constant and always evolving.”
The high-profile hack saw several celebrity accounts taken over by a bitcoin scam that promised victims a 100% return on their investments. In addition to Obama and Musk, the hackers were able to take over accounts belonging to Joe Biden, Kim Kardashian West, Uber and Apple, among others. As one of the nation’s top regulators of virtual currency, the Department launched its investigation into the attack shortly after it came to light; the investigation is based on subpoenas, witness interviews and documentary records.
Wednesday’s report said an unnamed 17-year-old hacker and several accomplices began calling Twitter employees pretending to offer help with the company’s VPN issues. The attack initially compromised at least one employee who did not have direct access to the celebrity accounts, but later expanded to include other employees who did have access. Aspects of the scam were reported last month by Wired.
“Since switching to remote working, VPN problems were common at Twitter,” the report said. “The Hackers then tried to direct the employee to a phishing website that looked identical to the legitimate Twitter VPN website and was hosted by a similarly named domain.”
The hackers used the fake website to steal the employee’s login credentials, the report said, then typed the stolen information into Twitter’s real administrative website. That prompted a multi-factor authentication challenge, which the employee completed, granting access to Twitter’s backend.
Ultimately, the scheme produced a bitcoin scam that was spread widely to millions of users and brought in a haul of $118,000 worth of bitcoin, the report said.