Back to Insights

Twitter Breach : Massive Cyber Attack Of 2020

Cyber security 07/24/2020 - 14:05 by Ruchika Tyagi

Twitter Data Breach 2020 Case Study

One more hack and this one is the biggest social media cyberattack with 130 accounts hacked but unfortunately, this is not the first time when Twitter got hacked. In 2017, an employee deleted President Donald Trump’s account on his last day of work. Last year hackers were successful in hijacking the account of Jack Dorsey Twitter CEO. By the SIM swap attack on AT&T, a mobile provider of the phone number tied to Jack Dorsey’s account.  

It all started after a tweet requesting donations in cryptocurrency from the official accounts of Apple & Uber followed by Tesla  CEO – Elon Musk and Microsoft co-founder Bill Gates then hackers took over accounts of Barak Obama, Biden, Mike Bloomberg, Amazon CEO – Jeff Bezos, Floyd Mayweather,  entertainers Kanye West and wife Kim Kardashian and many more well-known personalities. 

Twitter also revealed that hackers have downloaded personal information including private messages, email accounts, address books,  images & videos attached to private messages of up to 8 individuals.

The tweet noted “All Bitcoin sent to the address below will be sent back double! If you send $1000, I will send back $2000. Only doing this for 30 minutes. [the link]. Enjoy!”

What is the impact of the Twitter hack?

It could be one of the most expensive in high profile time with the hack of high, profile public Twitter executives and celebrities' Twitter accounts raising so many questions on cybersecurity. Hackers started tweeting out links to Bitcoin scams. It was reported that in just 24 hours, the Bitcoin wallet got a value of $120,000 Analysis of 518 transactions by Chain analysis, a research company that tracks the movement of cryptocurrencies.

The stock market value of Twitter has gone down. This is not only financial loss but also reputation loss. And the followers lost their money by falling into this trap.

Is it just a smokescreen of a big incident or is it over? We will come to know as time goes by.

But we need to understand the reasons behind it. For now, there are no details on how this happens.

What could be possible ways to hack Twitter?

Hackers got access to an internal Twitter administrative tool for one or all of the reasons mentioned below:

  • Hackers tricked an employee with a spear-phishing scam & stole the password of Twitter’s system administrators.
  • Someone coerced an employee to provide access.
  • Coordinated social engineering attacks on some employees having access to administrative tools.
  • By bribing employees.
  • Hackers might exploit a vulnerability in a particular system and might have got access to every computer that runs on that system’s software.
  • Not having strong Privileged Access Management Solutions, otherwise, should raise the flag if there is any change in the popular Twitter accounts.

After getting access to the Twitter administrative tool then they might have hacked these 130 popular Twitter accounts with Sim Swapping.

What is Sim Swapping?

Sim Swapping: Attackers can change the email address of the attached account and disable multi-factor authentication. Hackers trick the mobile network into transferring your number to a sim card in hacker’s possession – including the one-time security code required to get worse personal accounts.

Itgo worse if the hackers go on like disrupting an election, taking control of the stock market, attempting to start a war by issuing false statements from the world leader’s accounts.

Actions taken by Twitter

Twitter locked all the affected accounts and removed posts by the attackers. And acknowledged the incident and announced, “it’s a coordinated social engineering attack” and working on it to fix it.

Could the attack be prevented?

Maybe yes. This incident has highlighted that all major social media platfoYouTubeh as Facebook, Twitter, and YouTube, cross-check their security measures & administrative access and roles. This signals that whatever we do online, even our private chats is at risk without proper security and administrative controls. Though it is not the reason behind this attack but it highlights the weakest link in the cybersecurity chain is “User” or “Human error”. Maybe this hack will serve as a wake-up call.

No matter how many cybersecurity control measures are there in the infrastructure, companies must provide proper security awareness training. Due to COVID-19, working from home has become the new normal, and companies and their employees are on the radar of cybercriminals.

How Teceze can help you?

Teceze can help you adopt cybersecurity measures to mitigate cyber risks and make your system robust enough to combat prevailing cyber threats.

Teceze cybersecurity assessment can help in understanding, managing, controlling, and mitigating the cyber threats across your organizations. The major purpose of a cyber risk assessment is to guide the decision-maker and support proper risk responses.

The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.

Twitter arevealed that hackers have downloaded personal information including the private messages, email accounts, images & videos to private messages