Twitter hackers used “phone spear phishing” in mass account takeover

Twitter hackers used “phone spear phishing” in mass account takeover

Enlarge (credit: Tom Raftery)

The hackers behind this month’s epic Twitter breach targeted a small number of employees through a “phone spear phishing attack,” the social media site said on Thursday night. When the pilfered employee credentials failed to give access to account support tools, the hackers targeted additional workers who had the permissions needed to access the tools.

“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter officials wrote in a post. “This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.

Thursday's update also disclosed that the hackers downloaded personal data from seven of the accounts, but didn't say which ones.

Read 8 remaining paragraphs | Comments



from RSSMix.com Mix ID 8290670 https://ift.tt/3hWlIBx

Comments

Post a Comment

Popular posts from this blog

Index and Credo lead a $2.75M seed in anti-fraud tech, Resistant AI

Image
Prague based Resistant AI has nabbed a $2.75M seed round. The security startup’s machine learning technology is designed to be deployed on top of AI systems used for financial decision making to protect customers in markets such as financial services and ecommerce from attacks such as targeted manipulation, adversarial machine learning and advanced fraud. The seed round was co-led by Index Ventures (Jan Hammer) and Credo Ventures (Ondrej Bartos and Vladislav Jez). Seedcamp also participating, along with Daniel Dines, CEO of UiPath; Michal Pechoucek, CTO of Avast and other unnamed angel investors. Bartos joins the board of directors on behalf of the investors. The startup sells an additional layer of protection that’s specifically designed for tightening security around automated functions such as credit risk scoring and anti-money laundering by using tech to detect fake documents that feed such systems. Its tech is also aimed at uncovering suspicious patterns of transactions whic...
Read more

UK's Metro Bank confirms it has faced an SS7 attack intercepting 2FA codes; a telecom lobbying group previously told Congress such an attack is "theoretical" (Joseph Cox/Motherboard)

Image
Joseph Cox / Motherboard : UK's Metro Bank confirms it has faced an SS7 attack intercepting 2FA codes; a telecom lobbying group previously told Congress such an attack is “theoretical”   —  Motherboard has identified a specific UK bank that has fallen victim to so-called SS7 attacks, and sources say the issue is wider than previously reported. from Techmeme http://bit.ly/2FYYCex
Read more

This Week in Apps: Facebook’s other Clubhouse rival, Apple details ATT, App Store trial nears

Image
Welcome back to This Week in Apps,  the weekly TechCrunch series  that recaps the latest in mobile OS news, mobile applications and the overall app economy. The app industry is as hot as ever, with a record  218 billion downloads and $143 billion in global consumer spend in 2020. Consumers last year also  spent  3.5 trillion minutes using apps on Android devices alone. And in the U.S., app usage surged ahead of the time spent watching live TV. Currently, the average American watches 3.7 hours of live TV per day, but now spends four hours per day on their mobile devices. Apps aren’t just a way to pass idle hours — they’re also a big business. In 2019, mobile-first companies had a  combined $544 billion valuation, 6.5x higher than those without a mobile focus. In 2020, investors poured $73 billion in capital into mobile companies — a figure that’s up 27% year-over-year. This Week in Apps will soon be a newsletter! Sign up here: techcrunch.com/news...
Read more