Although most likely still not as outrageous as Facebook’s involvement in the US political scene a few years back, which opened a lot of cans of worms, the current security incident at Twitter definitely has the social networking giant reeling from both the PR fallout and the legal repercussions. Given its prominent role in today’s society, it’s not something Twitter can quietly sweep under the carpet until everyone forgets, and it is most likely compelled to update the public on its ongoing investigation. Its latest update sheds more light on how hackers were even able to get hold of prominent accounts, and it pretty much puts the blame on employees who were regrettably fooled into helping those scoundrels.
To some extent, Twitter is saying that the internal support and account management tools that were abused in this incident are fine on a technical level. The issue, however, is that its safeguards aren’t advanced enough to protect it from the one thing that can’t directly be fixed with code or technology: human vulnerability.
Twitter explains that hackers targeted a small number of employees with a phone spear-phishing social engineering attack, a more sophisticated kind of phishing that personally targets people by impersonating someone or some entity they may in fact know. While the initial batch of employees didn’t have direct access to Twitter’s internal tools, the hackers were still able to glean enough information from Twitter’s internal systems and processes to deceive more staff members who did have access to those tools.
36 accounts had their direct messages accessed and 7 had their Twitter Data downloaded. Twitter has been in contact with affected users and has restored access to those locked out of their accounts.
While this investigation is ongoing, however, Twitter will be upgrading its tools and systems to guard against this kind of attack. That will affect many of its content moderation and user support processes. It says that downloading Twitter Data is currently affected and that responses to support inquiries, abuse reports, and even developer applications will be slow while it works on securing its internal systems.