Twitter Accounts that belong to famous celebs such as Joe Biden, Bill Gates, Elon Musk and Apple, including several other high-profile accounts, were compromised on Wednesday. Twitter said that it believes to be specifically an attack on some of its employees having access to the company’s internal tools, as per a news report.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter’s support team said late Wednesday.
According to the news report, the attackers have posted tweets on the Twitter Accounts that seem to promote a cryptocurrency scam or crypto scam. The compromised accounts, along with those of former President Barack Obama, Kim Kardashian West, Warren Buffett, Kanye West, Jeff Bezos and Mike Bloomberg, has posted similar tweets soliciting the donations via Bitcoin (BTC) to their verified Twitter Accounts or profiles on the said day.
Brandon Hoffman, CISO, Head of Security Strategy at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services, says, “There is a lot of interesting speculation floating around about today’s Twitter hack. Due to a lack of any reliable or apparent source, that is really all anybody can provide at this time. As a security expert, there are many possible situation that could have led here. At this time none are probable though. The idea floating around that there is a user administrative panel that was accessed through an employee’s credentials is on fire. It is on fire for two reasons. The first is that credentials are likely going to be the way this was perpetrated. The second being that the existence of a user admin panel, which shouldn’t exist, in such an iconic tech company like Twitter is so scandalous that security people will eat it up. Other popular theories will surface about a Twitter insider, or some zero day, possibly an unknown credential stealing piece of malware. In the end I think we will find out that somehow credentials were stolen, either from an employee or from the account holders themselves through a variety of methods. The credentials were probably offered for sale on the dark web in piecemeal form and a cybercriminal with vision bought them for this campaign. However, that’s just another theory.”
“There’s several ways these high profile Twitter accounts could have been compromised. For example, a fairly common support feature is to allow administrative and other privileged personnel to impersonate other users to test functionality as that user. So if Twitter has made this sort of a setup available, it is quite possible an account with access to this feature was compromised therefore leading to additional account compromise. As such, if a staff (or worse, a privileged) account was compromised, it could also just be using it to reset passwords and login for the targeted accounts. SMS interception on password resets, and password reset logic flaws are also vectors for general social media account compromise. Additional other ways for Twitter account compromise are generally due to phishing attacks or linked accounts being taken over, but the number of accounts being compromised so quickly makes these attack vectors somewhat unlikely unless carefully coordinated and orchestrated by a syndicated effort. However, without a detailed analysis, we are all just speculating.”
Source: Security Magazine
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation with the reliance on or usage of any content, goods or services mentioned in this article.