Twitter mass hacking. Inside job? Oh my.
Oh my.
BBC has summarised the Twitter hack succinctly in their article "Major US Twitter accounts hacked in Bitcoin scam" The official accounts of major, verified users were targeted by hackers in what appears to be a Bitcoin scam. "Everyone is asking me to give back," a tweet from Mr Gates' account said. "You send $1,000, I send you back $2,000."
Twitter said it was a "co-ordinated" attack targeting its employees "with access to internal systems and tools". Twitter had to take the extraordinary step of stopping many verified accounts marked with blue ticks from tweeting altogether.
Password reset requests were also being denied and some other "account functions" disabled.
It appears that the hackers convinced a Twitter employee to help them. "We used a rep that literally done all the work for us," one of the hackers told Motherboard. A Twitter spokesperson told Motherboard that the company is still investigating whether the employee hijacked the accounts themselves or gave hackers access to the tool. The accounts were taken over using an internal tool at Twitter, the accounts appear to have been compromised by changing the email address associated with them using the tool. Twitter has been deleting some screenshots of the panel and has suspended users who have tweeted them, claiming that the tweets violate its rules.
This is an example of the issue of insider data access that pervades many newer companies and tech companies in particular. Their laissez-faire attitude to user access is possibly one of the root causes of this issue. ALL companies need to implement good segregation of access processes in order to protect their customer data, and ability to hijack customer systems.
Oh my.
Comments
Post a Comment