Is this an inside job? How this twitter losing its reputation, it is most likely some of their people had work in the dark web selling known and big-name individual's account for a dark reason. It is to come out that they are the cause of all of this and I don't know how they gain back the trust of its users. Pretty hard.
This hacking sentiment implies that more it happens because of the one or two persons inside who knows more. It can't just tell about manipulation or manipulating tool but obviously, there is money involved here and it triggers them to commit such thing. I'm sorry but this is not a hacking incident, it is really an intention to let someone took the control from your account.
Topic: Twitter hacked account. Details about what really happened (Read 224 times)
hero member
Activity: 2590
Merit: 650
Want top-notch marketing for your project, Hire me
Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there?
Dont know the limit but according to the message twitter admin posted in the blog I provided in the OP I'm afraid twitter have tools which will allow them to manipulate their user accounts which make twitter worse than facebook.Quote
At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information.
The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.
Even how they explain their part still there is a bridge in their security and hacking still happens,What do they want from people to understand the ability of hacker?The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.
So it was human error after all, but im just curious how can a regular employee has access to their admin system ?
Because if they have dedicated servers that use unix machines that has higher security because of its file system restrictions. How did they manage to breakthrough that security ?
Because if they have dedicated servers that use unix machines that has higher security because of its file system restrictions. How did they manage to breakthrough that security ?
Lots of topics in this forum about Twitter hacked accounts, because not only in this forum, even in some social media talk about this.
I was surprised, why every time there is bad news about cryptocurrency it's easier to be viral than when there is good news. In other
words to increase the popularity of Bitcoin with bad news is something that is not healthy, because if this happens. Many people consider
Bitcoin vulnerable to fraud, this is not good for Bitcoin adoption. We better stop talking regarding Twitter hacked accounts.
I was surprised, why every time there is bad news about cryptocurrency it's easier to be viral than when there is good news. In other
words to increase the popularity of Bitcoin with bad news is something that is not healthy, because if this happens. Many people consider
Bitcoin vulnerable to fraud, this is not good for Bitcoin adoption. We better stop talking regarding Twitter hacked accounts.
The halving event is not much discussed in the media but after this twitter hack, everyone is talking about crypto currencies on the media. I don't say that we need such hacks to make bitcoin more popular but bitcoin knowledge and awareness has increase to a great extent after this hack.
Employees with so much powers and privileges and easily fall for a social engineering attack! What makes things worse is that it's not a single employee who got hacked but many of them.
It makes me wonder how serious the Twitter owners/leaders when it comes to recruiting their employees. Don't they get any cybersecurity trainings?!
What's frustrating is that they didn't even admit their mistake and took responsibility for it.
It makes me wonder how serious the Twitter owners/leaders when it comes to recruiting their employees. Don't they get any cybersecurity trainings?!
What's frustrating is that they didn't even admit their mistake and took responsibility for it.
You can have the more secure system, but the human fact still a big vulnerability for any system, and the only way to make it secure is by founding a way to take out this human factor.
Se social engineering attacks have become popular and with time they become more complex, today we can't trust mails, phone calls or any kind of digital contact.
And was nice to read an explanation from the twitter team, lot of us were curious about what really happened there.
Se social engineering attacks have become popular and with time they become more complex, today we can't trust mails, phone calls or any kind of digital contact.
And was nice to read an explanation from the twitter team, lot of us were curious about what really happened there.
Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there?
I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere".
I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere".
Yes yes! That depends on which department you are assigned.
I have worked in a third party business outsourcing before as customer service representative and literally, before the client is able to talk his concerns to me, I already have his basic personal information already. So, how much more for those employees in the technical and programming department that's maintaining all the data inputted in a daily basis.
And the scenario you have in your example is very possible to happen.
The same risks with the Bitcoin that's stored in a custodial and exchange wallets.
That's really a shame for twitter since the hackers were successful social engineering the twitter employees.
Shame is the precise word for the owner of twitter, having a system breach like this really hurt their business, knowingthat there are so many people who've got victimized by this hacking activities.
Being such a well established social media platform twitter should have had higher security on this one.
Mostly on a inside job thing, twitter have that high securities but if the hacking happen inside, we never know.This shows how you are not so safe on the internet and why we should all educate ourself to be self secured online.
This hacking and even you have the right knowledge it's behind your control.
So, they are basically saying twitter employee has the access to email, password and 2FA of users. This is an absurd negligence from the twitter team and they should be held responsible for any loss occurred. Social engineer would get access to peoples personal things not that of it's employees. There's more than social engineering involved.
I don't think so, I guess I can see what the hackers did to be able to get into the accounts, they sent a password reset request to the twitter support then they pretend to be the owner the account then there's the duplicated emails made by the hackers to get the same verification process. The only mistake that the twitter support did was they did not fully verified the identity of the requests made by an unknown person. This is only the hole I can see with the twitter right now. 
That's really a shame for twitter since the hackers were successful social engineering the twitter employees.
Being such a well established social media platform twitter should have had higher security on this one.
This shows how you are not so safe on the internet and why we should all educate ourself to be self secured online.
Being such a well established social media platform twitter should have had higher security on this one.
This shows how you are not so safe on the internet and why we should all educate ourself to be self secured online.
Looks like thier employees have too much power on the platform
Who would have the power in the company if not the employees? We do not know which access level was responsible for the leak. Don't forget that managers and group leaders are also employees. If they had no access to sensitive data they wouldn't be able to deal with support cases, user verification, account management and all that.
Looks like thier employees have too much power on the platform
And that is centralisation for you, maybe they have this tools at their disposal and maybe not all staff have the level. But the one that the hackers was able to social engineer might have access to the control panel that monitors everything including access to all accounts that's why it is very easy for the hackers to use it and make the tweet without raising any alarms for the owners themselves. So this hacks also exposes Twitter security that a backdoor is a possibility that exposes the password in plaintext.
Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there?
I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere".
Yeah, I am also concerned with that. It's interesting how Twitter seems to focus on hackers in this story, but doesn't say it's also their fault and that they clearly store some data they aren't supposed to be storing. The passwords weren't accessed, it seems, so a version that it's related to passwords being briefly stored in plain text (there were stories about that with Twitter before) doesn't seem to be getting confirmed. But if via accounts of the employees it's possible to manipulate 2FA and reset passwords, they clearly have more access than they're supposed to have. I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere".
Looks like thier employees have too much power on the platform
Twitter support released a statement today about how the hacker was able to manipulate over 100 twitter accounts. Source
These statements won't help twitter any good. There system is compromised and it is a big question mark on their security. Twitter contains the data of millions of people and such breaches cannot be tolerated. They need to spend more money to secure their systems from the hackers.
Ehm, so this also means that Twitter employees has tools that will allow them to manipulate your account? What's the limit there?
I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere".
I think that's really dangerous, not to mention hacking like this can happen again, but they can potentially abuse their rights and sell your data. Not sure if this is the standard practice there but I'd never use any personal details to use the website if I knew this. They could sell the accounts and then said "Nah you guys might be phished somewhere".
Twitter employees have the tools to delete tweets that violate Twitter's Terms of Service and also suspend and ban accounts that violate the rules set by Twitter.There's nothing wrong with that.The big problem is that Twitter employees can access Twitter accounts and change the account settings.
This should be changed ASAP.
Like I've written here before-I'm done with social media websites and I will never create a new social media account.
If you ever plan to register on a social media platform,using fake info is the best move.
I don't believe that twitter employees might start selling accounts.It would be really easy to track such activity.
So, they are basically saying twitter employee has the access to email, password and 2FA of users. This is an absurd negligence from the twitter team and they should be held responsible for any loss occurred. Social engineer would get access to peoples personal things not that of it's employees. There's more than social engineering involved.
and that is my concern as well,now they are proving that twitter users has no privacy at all. 
Social engineering? Do you also mean it includes hypnotism? Correct me if I'm wrong my fellow Filipinos, I think we had a local version for it which is called "Budol budol" 
. Where the fraudsters will suddenly approach you out of nowhere and then talk with you a lot until you let your guard down and will not notice that you are already complying with their demands.
. Where the fraudsters will suddenly approach you out of nowhere and then talk with you a lot until you let your guard down and will not notice that you are already complying with their demands. Here's the correction you're looking for. Looks like you need to do some research concerning social engineering; and no. Social engineering doesn't necessarily mean it includes hypnotism.
https://terranovasecurity.com/examples-of-social-engineering-attacks/
I worked before as I technical support staff, so we have access to the system, so we all know that the first lesson is not to engage to anyone from outside, otherwise its a recipe for a disaster, which eventually happen. You will always treat in like outside threat, and now that it seems Twitter has been exposed already. Maybe they just used this "Social Engineering" term, but it has more to it, I guess.
So you meant that there's a possibility that hacked happened was might an inside job? Or maybe I have an assumption that the hacker was also ex-technical support staff. Because hackers know what is the weakness of the system, through by this hackers was able to manipulate the system and compromised those high-profiled accounts. And here is the thing that comes up in my mind, why it took so long time before they froze those hacked accounts or even delete the hack attempt tweet? Hmmm.Speaking of high profile accounts, I wonder why President Donald Trump didn't hack his account.
Probably because hackers know that he isn't Bitcoin's friendly.I noticed that the Twitter company didn't state how they will improve their security system.
The hackers could access any accounts but they didn't even bother going into Trumps and they knew no one is believing him anyway. People would rather listen to Kayne West on twitter than to trump.
Jump to: