Screenshots of the social media giant’s internal user administration tool went viral in underground hacking forums. This came after a series of account takeovers on the platform.
Two insiders close to the source claimed that the tool is used by employees who have access to internal tools and systems, which enables them to manage user accounts. Another source mentioned that this panel was also used to transfer OG accounts while monitoring the cryptocurrency scam tweets from notable Twitter accounts. The said OG accounts consisted of one or two characters.
Twitter Increased Security for Real Followers
Twitter doubled down on its security measures in response to the breach of high-profile accounts like Uber and Apple. Even presidential hopeful Joe Biden’s Twitter account was used to tweet a cryptocurrency scam as part of the hack. With the growing number of Twitter followers on the platform, this is necessary.
Additionally, accounts like Bill Gates, Jeff Bezos, Barack were also hijacked, as were those of cryptocurrency platforms Binance, Coinbase, and Gemini. The hacked tweets said that they had collaborated with an organization called CryptoForHealth. It claimed to double people’s bitcoin as long as they transferred to an address first.
Twitter quickly took down the cryptocurrency scam tweets from these accounts. The company also immediately went under investigation. This resulted in users experiencing limits on account functionality like the ability to tweet, change passwords, etc.
Losing Twitter Followers and Suspended Accounts for Crypto-Scam
Twitter has also deleted and suspended accounts trying to tweet the screenshots, citing that these tweets violate its policies. A series of deleted tweets from a suspended user showed screenshots of the panel itself. The screenshots in question revealed information about the user’s account and its suspension status, particularly whether it has been suspended, permanently suspended, or placed under protected status.
A similar screenshot obtained by Under The Breach was tweeted to suggest that a worker hacked several accounts. Notably, Under The Breach is a company specializing in data breach monitoring. This tweet was quickly removed and replaced with a message saying that it violated Twitter rules.
It’s still not clear whether a worker compromised the information themselves or whether external sources were able to breach the panel. Twitter, however, believes it may be due to a ‘coordinated social engineering attack’ that, the company claims, specifically targeted employees with access to internal systems and tools.
Twitter’s Internal Tools Were Part of the Hack
Besides the verified accounts, the range of the operation remains to be seen. However, it suggests that there is a critical security loophole in the platform’s account recovery process. A breach made through a third-party app may also be possible. Absent this, another possibility is that it was made possible by gaining access through a Twitter worker’s admin privileges.
So far, Twitter has only confirmed that its internal tools were part of the hack. However, it did not cite which specific tools or privileges were hijacked.
Twitter was able to get the situation under control, but some people had already fallen for the scam and sent money to the bitcoin address. Because blockchain-based cryptocurrency is public, the records of the transactions were public as well. According to the records for the address, the scammer collected nearly $120,000 from numerous users.
The Twitter panel is a clear illustration of the dangers of insider data access in tech giants. This access has led to numerous instances of hackers bribing workers to gain access to individual users. It has also led to the recent hacks of big accounts on the platform to gain income.
The Hack Served As A Wake-up Call For Big Tech and Tech Experts
The breach was a wake-up call for the tech giant and the tech experts concerning privacy and data security. Cybersecurity experts cite that a breach of this scale could have massive consequences, given the verified accounts had millions of followers.