With limited confirmed information, a raft of theories and circumstantial evidence has come to light as to who was behind the attack and how they carried it out.

UPDATED 7/18 at 12:50 p.m. ET

Earlier this week, Twitter locked down thousands of verified accounts, including the accounts of Joe Biden, Bill Gates, Elon Musk, Apple, Uber and others, after it became clear that hackers had been able to compromise them. The tip-off? Suddenly these high-profile accounts were all tweeting out identical links to a cryptocurrency scam.

But what exactly happened? As Threatpost reported on Wednesday, Twitter’s internal investigation is ongoing, but the social-media giant did say that hackers had somehow compromised the company’s internal systems and secured employee privileges. Beyond that, a raft of sources are offering bits and pieces of the puzzle – some verified, some not.

On Saturday, Twitter posted a 900-word summary of the attack outlining what it knows. It stated that the company was hit with a social engineering “scheme” targeting a small number of employees. Those targets were manipulated to perform “certain actions” and divulge confidential information.

“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts,” Twitter wrote. “For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.”

Attackers accessed the Twitter account feature “Your Twitter Data” for eight accounts. However, for the “vast majority” of compromised accounts the unknown adversaries were unable to access private account information, according to Twitter.


Twitter Hack Update: What We Know (and What We Don't)