Twitter had recognized 'spying on celebrities by contractors' for several years before the account hijacking


by Esther Vargas

In July 2020, it was reported that celebrity Twitter accounts had been hijacked all at once and used in a bitcoin scam. The hack is believed to have been carried out through social engineering, which exploits human behavioral errors and psychological gaps, rather than through malware. Twitter was aware that 'the personal information of celebrities was being spied on by Twitter contractors.'

Years before big hack, Twitter contractors reportedly spied on celebs, including Beyoncé - The Verge
https://www.theverge.com/2020/7/27/21340581/twitter-big-hack-contractors-spied-celebs-beyonce-bitcoin

Twitter Hack: Broad Access to User Accounts, Security Woes - Bloomberg
https://www.bloomberg.com/news/articles/2020-07-27/twitter-s-security-woes-included-broad-access-to-user-accounts

On July 15, 2020, the Twitter accounts of major companies such as Apple and Uber, and of prominent figures such as Tesla and SpaceX founder Elon Musk, Microsoft co-founder Bill Gates, former US President Barack Obama, and Democratic Party presidential candidate Joe Biden, were hacked all at once.

Twitter accounts of companies and celebrities such as Apple and Elon Musk hacked all at once - GIGAZINE



Twitter said the hack was carried out through social engineering targeting employees. Bitcoin scams were tweeted from the hijacked accounts, causing more than 10 million yen in damage.

Twitter announces details of the large-scale account hacking case; detailed data such as DMs may have been stolen from up to 8 accounts - GIGAZINE



According to Bloomberg, the hack is believed to have been caused by a leak of information via a Twitter contractor. About 1500 of the 186 billion Twitter account management contractor employees have the authority to view users' policy violations, reset accounts, and override security settings. The presence of employees at these contractors has been a long-standing concern for Twitter, Bloomberg reports. The personal information that many contractor employees can access is limited to email addresses and phone numbers, but it can be a starting point for hacking.

"Because there were many 'holes' in those controls, from 2017 to 2018 some contractors played an 'account peeping game,' using fake inquiries to track personal information of celebrities including Beyoncé, such as 'location information inferred from IP address,'" Bloomberg wrote. Note that Cognizant, one of Twitter's contractors, has not commented on this matter.

The attacker appears to have asked insiders in the above-mentioned position to cooperate by providing inside information. Specifically, regarding how the attacker obtained Twitter's internal information, The New York Times reported that the attacker obtained confidential information from Twitter's internal Slack channel, and Motherboard reported that the attacker gave employees money and received the information in exchange.

According to two former members of the Twitter security team, the problem of access to Twitter accounts was shared with Twitter's board of directors almost every year from 2015 to 2019, but it does not seem to have been treated as a problem among executives. The two former employees say some contractors were laid off over the issue, but others managed to escape the layoffs and resumed the fraud.

in Security, Posted by darkhorse_log