Twitter says the hackers responsible for a recent high-profile breach used the phone to fool the social media company’s employees into giving them access.
The company revealed a few more details late Thursday about the hack earlier this month, which it said targeted a small number of employees through a phone spear-phishing attack.
This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems, the company tweeted.
The embarrassing July 15 attack compromised the accounts of some of its most high-profile users, including Tesla CEO Elon Musk and celebrities Kanye West and his wife, Kim Kardashian West, in an apparent attempt to lure their followers into sending money to an anonymous Bitcoin account.
The hackers targeted 130 accounts. They managed to tweet from 45 accounts, access the direct message inboxes of 36, and download the Twitter data from seven. Dutch anti-Islam lawmaker Geert Wilders has said his inbox was among those accessed.
Spear-phishing is a more targeted version of phishing, an impersonation scam that uses email or other electronic communications to deceive recipients into handing over sensitive information.
Twitter didn’t provide any more information about how the attack was carried out, saying it would provide a more detailed report later given the ongoing law enforcement investigation. The company has previously said the incident was a coordinated social engineering attack that targeted some of its employees with access to internal systems and tools.