Security experts have shed some light on the unprecedented attack by hackers on Twitter, resulting in various takeovers of high-profile accounts like those of former President Barack Obama and Tesla CEO Elon Musk.
According to experts, the attack may have focused on the company's internal account reset mechanisms, which are used to help users regain access to their accounts after losing their phones or forgetting their passwords.
FBI probes Twitter's hack
Twitter is now likely to be facing significant concerns about its internal security protocols and the measures it has in place to prevent this from ever occurring again or resulting in even more disastrous consequences.
The Federal Bureau of Investigation probed Twitter's widespread hack in the face of increasing fears that the weakness of the company's systems may pose broader risks to international security.
Lawmakers and security experts said the attack, in which hackers controlled multiple Twitter accounts, pointed to a particularly alarming weakness in the U.S. presidential election, considering the value of Twitter as a forum for political discussion.
In a series of tweets posted under its support service, Twitter said the hackers had breached its internal infrastructure, supporting suspicions that the attack could not have been carried out without access to the company's own software and employee privileges.
We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience. — Twitter Support (@TwitterSupport) July 15, 2020
Twitter did not elaborate on what resources the attackers used or precisely how the attack was carried out.
Hackers targeted its employees for access to internal systems
Earlier, Motherboard claimed that various underground hacking networks exchanged screenshots of an internal company admin tool allegedly used to execute account takeovers, possibly by resetting user email addresses and restoring passwords.
In an update to its report on the hack, Motherboard also claims it has spoken to hackers who say they paid a Twitter employee to modify the email addresses of famous accounts using the internal tool in order to gain control of them.
Motherboard also posted screenshots of the internal tool allegedly at the core of the hacks, including one in which confidential account information was being edited. Twitter is reportedly suspending and manually deleting accounts that post the screenshots for breaching its rules.
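The pattern described above (an internal support tool used to change an account's email address and then reset its password, repeated across several high-profile accounts by one operator) is exactly what an audit-log monitor for such a tool should alert on. The following is an added example, not code from the article or from Twitter: it assumes a hypothetical, constructed audit-log format in which each line records the operator, the action, the target account and whether the account is verified, and it flags two things a defender would want to see: an email change followed within minutes by a password reset on the same account by the same operator, and an operator touching several distinct verified accounts in a short window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample audit-log lines for a hypothetical support tool.
# The format and operator/account names are invented for this example.
SAMPLE_LOG = """\
2020-07-15T20:01:10Z operator=op_17 action=view_account target=@alpha verified=true
2020-07-15T20:02:05Z operator=op_17 action=change_email target=@alpha verified=true
2020-07-15T20:02:40Z operator=op_17 action=password_reset target=@alpha verified=true
2020-07-15T20:04:11Z operator=op_17 action=change_email target=@beta verified=true
2020-07-15T20:04:50Z operator=op_17 action=password_reset target=@beta verified=true
2020-07-15T20:06:00Z operator=op_17 action=change_email target=@gamma verified=true
2020-07-15T20:06:33Z operator=op_17 action=password_reset target=@gamma verified=true
2020-07-15T20:30:00Z operator=op_42 action=change_email target=@ordinary verified=false
2020-07-15T21:10:00Z operator=op_42 action=password_reset target=@ordinary verified=false
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) operator=(?P<operator>\S+) action=(?P<action>\S+) "
    r"target=(?P<target>\S+) verified=(?P<verified>true|false)$"
)


def parse_log(text):
    """Parse the constructed log format into time-sorted event dicts; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "operator": d["operator"],
            "action": d["action"],
            "target": d["target"],
            "verified": d["verified"] == "true",
        })
    events.sort(key=lambda e: e["ts"])
    return events


def find_takeover_sequences(events, window=timedelta(minutes=10)):
    """Flag change_email followed by password_reset on the same account by the
    same operator within `window`: once the recovery address is swapped, a reset
    hands the account to whoever controls the new address."""
    last_email_change = {}
    hits = []
    for e in events:
        key = (e["operator"], e["target"])
        if e["action"] == "change_email":
            last_email_change[key] = e["ts"]
        elif e["action"] == "password_reset":
            t0 = last_email_change.get(key)
            if t0 is not None and e["ts"] - t0 <= window:
                hits.append((e["operator"], e["target"], (e["ts"] - t0).total_seconds()))
    return hits


def find_verified_bursts(events, window=timedelta(minutes=10), threshold=3):
    """Flag an operator that mutates at least `threshold` distinct verified
    accounts within `window`; legitimate support work rarely looks like that."""
    mutating = {"change_email", "password_reset"}
    per_op = defaultdict(list)
    for e in events:
        if e["verified"] and e["action"] in mutating:
            per_op[e["operator"]].append((e["ts"], e["target"]))
    alerts = []
    for op, items in per_op.items():
        for i, (t_start, _) in enumerate(items):
            targets = {tgt for ts, tgt in items[i:] if ts - t_start <= window}
            if len(targets) >= threshold:
                alerts.append((op, len(targets)))
                break  # one alert per operator is enough
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for op, target, secs in find_takeover_sequences(evs):
        print(f"takeover pattern: {op} changed email then reset password on {target} in {secs:.0f}s")
    for op, n in find_verified_bursts(evs):
        print(f"burst: {op} modified {n} verified accounts within 10 minutes")
```

The two rules are deliberately independent: the sequence rule catches a single targeted takeover regardless of account status, while the burst rule catches the spree against high-profile accounts even if the operator spaces out the email change and reset beyond the sequence window. In a real deployment these alerts would also be correlated with a ticket or case identifier, so that support actions with no corresponding user request stand out.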
The company says it is actively investigating "what other disruptive behavior they might have conducted or information they might have accessed and will share more here when we have it." It is possible, for example, that the attackers had access to private direct messages.
Twitter said that once it was aware of the unfolding situation, it "locked down the compromised accounts immediately and deleted tweets posted by the attackers." It also took the step of temporarily removing verified accounts' ability to send new tweets.
"We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely," Twitter wrote. Twitter also states that measures have been taken internally to "restrict access to internal systems and information while our investigation is under way."