On July 15th, 2020 Twitter suffered the most devastating security breach in the company’s history. More than a dozen of verified accounts that have millions of followers kept posting scam tweets for about 2 hours.
The scam
Scammers weren’t too creative as usual, and just sent almost identical messages that assured that everyone who sends any amount of money to a certain bitcoin wallet would immediately receive twice as much. Despite the totally bizarre content of the messages, the names of the verified accounts played their role, and within 3 hours scammers were able to receive about $118 000.
The list of more than a dozen compromised accounts includes Barack Obama, Joe Biden, Elon Musk, Jeff Bezos, Bill Gates, Apple, Uber, and CashApp.
Twitter’s reaction
Twitter’s reaction was quite slow. At first, the scam tweets were deleted, but only to appear again. It took the company 2 hours to finally take the step that worked – to lock down more than 300 000 verified accounts of its users until the threat was secured later that day.
Twitter has experienced several security breaches before, for example in 2017 Donald Trump’s account was deleted. And though it was done by Twitter’s employee, and the account was quickly restored, still the incident shouldn’t have happened in such a reliable social network.
What we know so far is that probably the attack was carried out by hackers getting access to the high-level internal Twitter system, it’s possible that a Twitter employee was involved in the attack. The attack was not the result of weak user passwords or any reckless actions of the users.
What can we learn
Since the pandemic threatened the society and our wellbeing, more hacker attacks and scams started to appear. Now is the time to secure your system and understand that the security chain is only as strong as its weakest link.
Things to pay attention to, and check your system
1. React quickly.
Twitter’s reaction was slow, it took the company more than 2 hours to respond radically. Set up full monitoring, stay on guard, know what is happening in your system, and be ready to react quickly. The less time you give the hackers, the less harm they would be able to inflict.
2. If something happened once, and you eliminated only the consequences, then it will happen again.
Look at the threats you had in the past, and ask yourself, have you eliminated all the causes, are they secured now? Twitter has had incidents of hacker attacks before, bitcoin scam and impersonating accounts have been operating on Twitter for years unresolved, and it only lead to a more harmful breach.
3. Are all the passwords strong?
Even if your users’ passwords are strong and their actions are impeccable, but only one employee uses their name for the login and password, your system is exactly as strong as that one weak password.
4. Do you trust your employees?
Twitter claims there might be an inside issue that caused the breach. How do you check your employees? Is there a system that you use to ensure the people that access sensitive data can be trusted?
5. Apply the principle of least privilege.
Every employee should have access only to what they directly need for doing their job, no more. Always assume that anyone can intentionally or accidentally cause harm – this will protect your system from unnecessary security threats. Remember, it is possible that a Twitter employee is responsible for this biggest security breach in the company’s history.
Make the security of your system your first priority!
If you have doubts regarding the security of your system, or just want to check if everything is safe, ask us. We’ll audit your system and give our recommendations.
Contact us
