Skip to main content

Twitter hackers busted 2FA to access accounts and then reset user passwords

posted onJuly 20, 2020
by l33tdawg
Flickr
Credit: Flickr

Twitter has revealed more about the July 15 attack that saw several prominent accounts hijacked to promote a Bitcoin scam.

The Saturday, July 18 update admits “the attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.” You read that right: even 2FA failed.

The post continues: “As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.”

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th