UPDATE: Over 1,000 Twitter employees and contractors are said to have had access to the same internal tools that are believed to have allowedcyber criminals to obtain control over36 high-profile accounts, according to two former Twitter employees.
Speakingto Reuters, the former staff members familiar with Twitter security practices said that, in early 2020, theseemployees had the power to make changes to user account settings as well as hand over the controls to other parties.
The number includes not only permanent Twitter staff, but also contractors from American IT services provider Cognizant, raisingquestions as to why so many people were given such widereaching security privileges.
Advertisement - Article continues below
The former employees also told Reuters that, despite last weeks breach, the companys security policy is still animprovement on procedures operated during their time at the company. Twitter had decided to crack down on breaches by logging the activity of its staff following an incident in November 2019, when an employee was caught allegedly spying for the Saudi Arabian government.
According to Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, the attack was"enhanced by exploitation of other weaknesses in Twitters internal security.
It is not excluded that the attackers were assisted by an insider or were exploiting a high-risk vulnerability detected in one of Twitter's web systems. Otherwise, we may reasonably infer that Twitter has virtually no internal security controls and best practices that we should normally expect from a tech company of its size, he said.
Meanwhile, on a call to investors on Thursday, Twitter Chief Executive Jack Dorsey admitted to missteps:
Advertisement - Article continues below
We fell behind, both in our protections against social engineering of our employees and restrictions on our internal tools, he said.
23/07/2020: Cyber criminals who targeted 130 accounts as part of last weeks major Twitter hack gained access to the private communications of up to 36 account holders, the company has confirmed.
Among the targeted individuals, hackers compromised 45 accounts to the extent they were able to send tweets, and a fourth 36 had their direct messages accessed, according to the firm. It's believed at least eight accounts had their archived account data accesed through the Your Twitter Data tool, which holds the entirety of their account activity, although none of these eight accounts are verified on the platform.
Twitter hasnt indicated whether there's any overlap between those whose accounts were compromised, those whose DMs were accessed, and those whose archived data wasdownloaded.
E-signatures 2020: Use cases and opportunities
Your comprehensive guide to how e-signatures can benefit your business
Several high-profile individuals, including former US President Barack Obama and democratic frontrunner Joe Biden were among those involved in the hack, evidenced by a number ofTweets promoting a fraudulent Bitcoin buy-back scheme,suggestingthesewere among the 45. Other accounts tweeting in such a way included Jeff Bezos, Bill Gates, and other prominent business figures.
Advertisement - Article continues below
The fraudulent tweets described a scheme in which any Bitcoin donated to a specific wallet would be returned to the user doubled. To date, the scam has attracted396 Bitcoin transactions worth more than 96,000 in all.
Generally, should a hacker gain full control of an account to the point they could send tweets, they would also be able to read previously sent direct messages, or even send new ones with ease.
Twitter, however, has insisted that just one elected official, an unnamed Dutch politician, was among those whose DMs were accessed. There is currently no indication, the company added, that any other former or current elected officials had their DMs accessed, ruling out the likes of Obama or Biden as being among the 36.
Although attackers gained full control over some accounts, Twitter has said they would have been unable to view previous passwords as these are not stored inplain text. It added that even with access to internal tools hackers would still have been unable to view these.
Advertisement - Article continues below
Hackers were, however, able to view personal information, including email addresses and phone numbers, which are displayed to some employees who have access to internal company support tools.
Of the accounts that were taken over,hackerswere able to view what Twitter has described as additional information. The company added its forensic investigation of these activities is still ongoing.
McAfee founder John McAfee, meanwhile, has suggested his own Twitter account has been either hacked or frozenin the past 12 hours, with some tweets disappearing or seen by only a handful of individuals. It's unclear whether these reports are related with last week's major hack.
As the probe continues, Twitter said it would further secure its systems to prevent future attacks, and roll out additional company-wide training to guard against social engineering tactics.
This story was updated on 24/07/2020
The IT Pro guide to audio collaboration
Make audio a priority for a successful remote working strategy
How malware and bots steal your data
Protect your organisation with a layered defence
Modern networking for the borderless enterprise
5 ways top organisations are optimising networking at the edge
IT managers best practice guide to hybrid cloud
Your blueprint to hybrid cloud success
Go here to read the rest:
More than 1,000 Twitter employees had the security access needed to aid hackers - IT PRO
- John McAfee: Verge (XVG) is the Best Buy; XVG Price ... - February 6th, 2018 [February 6th, 2018]
- John McAfee Says DOGE Is His Coin of the Week - February 23rd, 2018 [February 23rd, 2018]
- John McAfee Admits Bitcoin Is A Total Scam - Your News Wire - March 13th, 2018 [March 13th, 2018]
- John McAfee Resurfaces With a Bang as Adviser to Crypto ... - March 16th, 2018 [March 16th, 2018]
- John McAfee: 'CIA Compromised Every Router In America' - April 1st, 2018 [April 1st, 2018]
- John McAfee announces bid for 2020 US presidential election - June 5th, 2018 [June 5th, 2018]
- Is John McAfee Pumping Cryptocurrencies for Cash ... - June 14th, 2018 [June 14th, 2018]
- John McAfees Latest Prediction: Major Crypto Price Surge ... - July 3rd, 2018 [July 3rd, 2018]
- John McAfee Says There is a War on Cryptocurrencies ... - July 13th, 2018 [July 13th, 2018]
- John McAfee Fled to Belize, But He Couldnt Escape Himself - July 26th, 2018 [July 26th, 2018]
- John McAfee Says He's No Longer Pitching ICOs "Due To SEC ... - July 26th, 2018 [July 26th, 2018]
- The New Fight | John McAfee - July 26th, 2018 [July 26th, 2018]
- John McAfee Fled to Belize, But He Couldnt ... - WIRED - July 27th, 2018 [July 27th, 2018]
- Teen hacks John McAfee's 'unhackable' crypto-baby to play ... - August 11th, 2018 [August 11th, 2018]
- John McAfee Boldly Predicts Bitcoin Will Surpass $15,000 Next ... - August 20th, 2018 [August 20th, 2018]
- John McAfee: I keep a gun in my hand while showering, sitting ... - August 26th, 2018 [August 26th, 2018]
- John McAfee: I keep a gun in my hand while showering ... - August 29th, 2018 [August 29th, 2018]
- Seth Rogen & Michael Keaton Join John McAfee Film King Of ... - October 30th, 2018 [October 30th, 2018]
- Seth Rogen, Michael Keaton Starring in John McAfee Movie ... - October 30th, 2018 [October 30th, 2018]
- John McAfee, Ripple (XRP) and the SEC - Global Coin Report - December 19th, 2018 [December 19th, 2018]
- Security Solutions: Endpoint, Cloud, Network ... - mcafee.com - December 23rd, 2018 [December 23rd, 2018]
- John McAfee undeterred by crashing market, says Bitcoin will ... - December 27th, 2018 [December 27th, 2018]
- John McAfee on Bitcoin: You Cant Stop It, Reiterates $1 ... - December 27th, 2018 [December 27th, 2018]
- JOHN MCAFEE: I'll decrypt the San Bernardino phone free of ... - December 28th, 2018 [December 28th, 2018]
- Blockchain wins the John McAfee Award for Destroying Time and ... - January 2nd, 2019 [January 2nd, 2019]
- Dr. John McAfee, MD - Book an Appointment - Carson City, NV - January 2nd, 2019 [January 2nd, 2019]
- John McAfee's Warning About That Presidential Alert - The ... - January 2nd, 2019 [January 2nd, 2019]
- John McAfee: "The Bull Market IS coming" - Ethereum World News - January 22nd, 2019 [January 22nd, 2019]
- John McAfee Biography - Thefamouspeople.com - January 22nd, 2019 [January 22nd, 2019]
- 'The Bitcoin (BTC) Bull Market IS Coming,' Reassures John ... - February 4th, 2019 [February 4th, 2019]
- JOHN MCAFEE: Join the crusade to save our country ... - March 7th, 2019 [March 7th, 2019]
- John McAfee: How No One Got Laid Through Ashley Madison ... - March 7th, 2019 [March 7th, 2019]
- McAfee Stands By $1 Million Bitcoin Price Prediction By 2020 - April 14th, 2019 [April 14th, 2019]
- Will McAfee Disclose Nakamoto's Identity? Crypto Will Suffer ... - April 20th, 2019 [April 20th, 2019]
- John McAfee 'knows true identity of Bitcoin creator Satoshi ... - April 20th, 2019 [April 20th, 2019]
- John McAfee - IMDb - April 20th, 2019 [April 20th, 2019]
- John McAfee Triggers Countdown to Unmask Bitcoin Creator ... - April 20th, 2019 [April 20th, 2019]
- John McAfee Dares Bitcoin SV Creator Craig Wright to ... - May 5th, 2019 [May 5th, 2019]
- Bitcoin Below $1M by 2020 is Impossible, It's Pure ... - May 13th, 2019 [May 13th, 2019]
- Bitcoin Price Will Reach $1 Million in 2020, Or Youre an ... - May 13th, 2019 [May 13th, 2019]
- Bored? John McAfees New App Will Harass & Reward You in BTC - May 13th, 2019 [May 13th, 2019]
- John McAfee asks his Twitter followers to stop sending him ... - May 13th, 2019 [May 13th, 2019]
- John McAfee slams US authorities as government closes in - May 13th, 2019 [May 13th, 2019]
- Overstock Shares Crash as Former CEO Cashes Out Goes All In on Crypto and Gold - CCN.com - September 25th, 2019 [September 25th, 2019]
- Tezos Pumps On Binance Listing, But What About US Crypto Exchange? - newsBTC - September 25th, 2019 [September 25th, 2019]
- Charles Hoskinson Interview From Ethereum To Cardano And IOHK - Nasdaq - September 25th, 2019 [September 25th, 2019]
- Bakkt to Launch Bitcoin Futures in Three Days, John McAfee: It ould Jump-Start Crypto Adoption - U.Today - September 25th, 2019 [September 25th, 2019]
- John McAfee Speaks On the Beatzcoin IEO Hosting On Probit Exchange - Coinpedia - September 25th, 2019 [September 25th, 2019]
- John McAfee: Bitcoin Custody to Become the Standard - CryptoPotato - September 25th, 2019 [September 25th, 2019]
- Federal Reserve Ramping Up Repo Operations In Early 2020 Will Prove A Strong Case For Bitcoin - ZyCrypto - December 16th, 2019 [December 16th, 2019]
- Verge Crashes Over 15% Ahead of Scheduled Hard Fork - Bitcoinist - December 16th, 2019 [December 16th, 2019]
- Mike Novogratz Starts 2020 with a Simpler Prediction for Bitcoin - Live Bitcoin News - January 5th, 2020 [January 5th, 2020]
- Trevon James Promised (And Claims He Did) Eating His Dogs Poop If Bitcoin Isnt At $10 By 2020 - CryptoPotato - January 5th, 2020 [January 5th, 2020]
- 7 Big Bitcoin and Cryptocurrency Predictions for 2020 - The Daily Hodl - January 5th, 2020 [January 5th, 2020]
- The Dickening of John McAfee is Less Than 1 year Away - The Merkle Hash - January 5th, 2020 [January 5th, 2020]
- Crypto Baron John McAfee Claims He Put Up Show Together with CIA and Zombie Coin - U.Today - January 5th, 2020 [January 5th, 2020]
- Let's look at what McAfee had to say about Bitcoin in 2019 - CryptoNewsZ - January 5th, 2020 [January 5th, 2020]
- John McAfee: Bitcoin Is Ancient Technology, As Ford Model T For Cars - CryptoPotato - January 5th, 2020 [January 5th, 2020]
- $1mn by 2020: John McAfee will still eat his own d*ck if ... - January 5th, 2020 [January 5th, 2020]
- I want the stage: McAfee will run for president in ... - January 5th, 2020 [January 5th, 2020]
- Bring it on! Hack This Bitcoin Wallet And Win $250,000, GK8 Dares Hackers - Coinfomania - February 1st, 2020 [February 1st, 2020]
- Binance CEO Strikes Back At FUD Over Reports That Exchange Is Not Authorized To Operate In Malta - ZyCrypto - February 24th, 2020 [February 24th, 2020]
- XRP Price Expected to Hit $1 Minimum as We Approach 2021 - U.Today - February 24th, 2020 [February 24th, 2020]
- John McAfee Praises Privacy Crypto, Reveals the Secret of Technical Progress - U.Today - February 24th, 2020 [February 24th, 2020]
- Johnny Depp: Upcoming Movies He Will Be Seen In - The Digital Weekly - February 24th, 2020 [February 24th, 2020]
- The rise, and fall, and rise of John McAfee, from tech ... - February 29th, 2020 [February 29th, 2020]
- John McAfee 2020 presidential campaign - Wikipedia - February 29th, 2020 [February 29th, 2020]
- 7 Things You Probably Didn't Know About John McAfee - February 29th, 2020 [February 29th, 2020]
- IRS fugitive John McAfee sent to UK after stint in ... - February 29th, 2020 [February 29th, 2020]
- Satoshi Nakaboto: Steven Seagal to pay $330K settlement for promoting a Bitcoin scam - The Next Web - March 4th, 2020 [March 4th, 2020]
- Satoshi Nakaboto: Bitcoin drives 50% of Cash Apps revenue - The Next Web - March 4th, 2020 [March 4th, 2020]
- Tim Draper's Proposal To Replace the US Dollar With Bitcoin (BTC) - UseTheBitcoin - March 4th, 2020 [March 4th, 2020]
- Alamance County makes its choices at the polls - Burlington Times News - March 4th, 2020 [March 4th, 2020]
- Elon Musk Just Sent The Best Cryptocurrency And Prank Bitcoin Rival Sharply HigherHeres Why - Forbes - March 4th, 2020 [March 4th, 2020]
- Social media companies are taking steps to tamp down coronavirus misinformation but they can do more - Middletown Press - March 31st, 2020 [March 31st, 2020]
- Over $7 Billion In Investments Expected to Enter the Cryptocurrency Market - Coin Idol - April 2nd, 2020 [April 2nd, 2020]
- Social media companies are taking steps to tamp down coronavirus misinformation but they can do more - Alton Telegraph - April 2nd, 2020 [April 2nd, 2020]
- Conservative Voices Are Pumping Out Coronavirus Misinformation on Twitter - Vanity Fair - April 2nd, 2020 [April 2nd, 2020]
- Social media platforms caught up in information overload amid coronavirus pandemic - The Sociable - April 2nd, 2020 [April 2nd, 2020]
- McAfee Finally On The Right Path - Forbes - April 2nd, 2020 [April 2nd, 2020]