21-Year-Old Linked to Massive Twitter Hack - Page 2

KrebsOnSecurity does a deep dive into what we know
By John Johnson, Newser Staff
Posted Jul 17, 2020 12:03 PM CDT

  • Key question: One of the big unknowns is whether the hackers also gained access to users' private DMs, notes 9to5Mac. Given the major world players involved, that could have major implications down the road. Tech-savvy people may know that DMs aren't protected well enough for use in sensitive matters, but lots of people might assume they're perfectly safe and private.
  • Method: In its reporting on the hack, the Times has this: "Investigators know that at least one employee's account and credentials were taken over and used to gain access to an internal dashboard, allowing the infiltrator to control most Twitter accounts."
  • No alerts: A security researcher affected by the hack tells Krebs: "The way the attack worked was that within Twitter's admin tools, apparently you can update the email address of any Twitter user, and it does this without sending any kind of notification to the user. So [the attackers] could avoid detection by updating the email address on the account first, and then turning off [two-factor authentication]."
  • Not over? As Twitter investigates, the FBI and state regulators are doing the same, and lawmakers are demanding answers. Meanwhile, one tech expert tells Business Insider this probably isn't over. "In security, you're paid to be paranoid," says Kevin O'Brien, CEO of the cloud email security company GreatHorn. "And the paranoia says there was something else happening at the same time, or these accounts were being accessed in ways that are far more damaging."
