Company Twitter a preliminary analysis of a security incident in its infrastructure, as a result of which attackers seized control of the accounts of many famous people and companies, including Bill Gates, Elon Musk, Barack Obama, Mike Bloomberg, Apple and Uber, the creator of Amazon and various cryptocurrency platforms, including Coinbase and Gemini. During a targeted attack, fraudulent messages were posted on the captured Twitters, the essence of which was the intention of the owner to hold a charity event, in which everyone can transfer any amount of funds to the specified bitcoin wallet and receive double the amount in return. The "share" was limited to time or total amount. As a result, in this way the scammers were able to collect 120 thousand dollars.
Twitter explained that the attackers used social engineering techniques to gain access to the infrastructure. During the manipulation of several support staff, they fraudulently managed to gain access to the account of one of the support specialists and successfully pass two-factor authentication. Further, using the service interface of the support service, a reset and password change was initiated for a number of known accounts. At the same time, the attackers were not able to obtain the available passwords, which are not stored in the clear and are not available through the support service interface.
The activity of the attackers touched 130 accounts, for 45 of which they managed to reset the password, enter the account and send fraudulent messages. There are suspicions that in addition to sending messages, the attackers may have tried to sell some of the captured accounts. Attackers could also see full statistics on account activity and some personal data that is not shown publicly, such as email and phone number.
According to other sources, According to Vice, from people believed to be involved in the attack, a Twitter employee was bribed into gaining access to the helpdesk interface. As evidence of their involvement, the informants provided screenshots of the internal interface of Twitter with information about one of the compromised accounts.
Source: opennet.ru