The shocking Twitter hack this summer started with a tech support scam, New York regulators allege

October 14, 2020. Summarized by summa-bot.

(CNN) The hackers who took over a number of high-profile Twitter accounts, including those belonging to Barack Obama and Elon Musk, for several hours this summer gained entry into Twitter's internal systems simply by posing as company IT officials making a support call, according to an investigative report Wednesday by New York regulators.

At the time of the July 15 attack, Twitter had no chief information security officer and suffered from poor internal security controls, the report concluded.

Officials behind the report called for additional cybersecurity regulation of major tech platforms.

"In other industries that are deemed critical infrastructure, such as telecommunications, utilities, and finance, we have established regulators and regulations to ensure that the public interest is protected," said the report from New York's Department of Financial Services.

In a statement, Twitter said it has taken steps to enhance the security of its platform, cooperated with the Department's investigation, and that multiple arrests have been carried out in the wake of the attack.

"Protecting people's privacy and security is a top priority for Twitter, and it is not a responsibility we take lightly," the statement said.

Wednesday's report said an unnamed 17-year-old hacker and several accomplices began calling Twitter employees pretending to offer help with the company's VPN issues.

"Since switching to remote working, VPN problems were common at Twitter," the report said.

"The Hackers then tried to direct the employee to a phishing website that looked identical to the legitimate Twitter VPN website and was hosted by a similarly named domain."

The hackers used the fake website to steal the employee's login credentials, the report said, then typed the stolen information into Twitter's real administrative website. That prompted a multi-factor authentication challenge, which the employee completed, granting access to Twitter's backend.

Ultimately, the scheme resulted in a bitcoin scam that was spread widely to millions of users and brought in a haul of $118,000 worth of bitcoin, the report said.
