Twitter shares details on the recent hack
The Twitterverse quickly realised this was a scam, but the publicly-listed Bitcoin addresses had already amassed around $300k of cryptocurrency. Twitter locked down the accounts, and provided an explanation:
"Shortly after we became aware of the ongoing situation, we took preemptive measures to restrict functionality for many accounts on Twitter - this included things like preventing them from Tweeting or changing passwords. [...] We also locked accounts where a password had been recently changed out of an abundance of caution."
"We believe attackers targeted certain Twitter employees through a social engineering scheme. [...] The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets."
Now to sum it up, this Kirk dude gained access to Twitter's admin tools by being added to Twitter's internal Slack channel where the details he needed were posted. He initially used this access to sell usernames to the gaming community, but he stopped when the FBI got involved.
Mort Blacklock -