On Thursday morning Twitter reported that it had suffered a hack which compromised its internal system.
The hack involved social engineering in which a Twitter employee gave the attackers access to internal systems. Through these systems the attackers were able to take control of certain accounts and tweet out a Bitcoin scam.
The social network has now reported that as many as 130 accounts were targeted by the attackers.
“We’re working with impacted account owners and will continue to do so over the next several days. We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred,” Twitter reported.
Since news of the attack broke there have been several reports that a Twitter employee worked with the attackers.
Vice Motherboard has spoken to two anonymous sources who claim to have either worked with a Twitter employee or paid an employee for access to Twitter’s systems.
Of course knowing how the attackers took over is still up in the air but Vice Motherboard has reportedly seen screenshots of the tools used to take over the accounts.
The tools are used internally by Twitter and relay information about the account. Twitter is reportedly removing images of the tool which are being tweeted.
As for the damage done, Kaspersky suggest that 367 users fell for the scam and unknowingly transferred $120 000 in Bitcoin to the attackers.
Twitter says it is working with the affected account owners and will continue to do so over the next few days.
“We have also been taking aggressive steps to secure our systems while our investigations are ongoing. We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can,” the social network added.
Twitter continues to investigate the incident and as more information is released we will continue to provide updates.
[Image – CC 0 Pixabay]