Twitter Hack update: for ~8 victims, the attackers downloaded the “Your Twitter Data” archive file, which includes: DMs, lists created (presumably including private lists), email, phone, history of places been while on Twitter, accounts blocked/muted, all pics/videos shared via DM https://twitter.com/twittersupport/status/1284331132255756288
Twitter mentions, interestingly, that the 8 victims of this data download including DMs were not verified accounts. Interesting indeed. https://twitter.com/twittersupport/status/1284339148774498305
Twitter also mentions that the attackers were able to initiate overriding password reset flows for account takeover. My original hypothesis was leveraging the human element to access that admin panel flow to circumvent MFA; sounds like that hypothesis could have been the method used.
The admin panel leveraged in the Twitter Hack had the account’s email address and phone number listed at first glance. Potentially the high-profile targets in this attack use burner emails and phone numbers for their social media sign-up, but I don’t know.
Twitter says attackers targeted 130 accounts & were able to use the admin panel to circumvent MFA with a password reset flow, log in to the accounts, and tweet for 45/130. When you or I log in we can see our DMs, so my best guess is they could see DMs for the 45 accounts logged into.
Twitter hasn’t confirmed the exact social engineering methodology yet; my guesses are:
- insider threat (employee initiated attack)
- social engineering + bribery (attacker seeks out the right employee, builds relationship, bribes for actions)
- phishing (credential harvesting)
You can follow @RachelTobac.
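The thread above describes an admin tool being used to trigger a password reset that sidesteps MFA, followed by a login and tweets from the victim account, and notes that 130 accounts were touched in a short span. The following is an added detection sketch, not code from the thread's author or from Twitter: it runs over a few constructed audit lines in a hypothetical schema (timestamp, event kind, key=value fields) and flags (a) an admin-initiated reset followed within a short window by a login that did not present MFA, and (b) a single support actor resetting several distinct accounts in a short window. The event names, actor names, IPs and window sizes are all assumptions chosen for illustration.

```python
"""Detection sketch for admin-tool password resets that lead to account takeover.

Constructed example; the audit schema below is hypothetical and not Twitter's.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines (hypothetical schema): "<ts> <kind> key=value ...".
SAMPLE_EVENTS = [
    "2020-07-15T20:01:00Z admin_password_reset actor=support_agent_17 account=victim_a",
    "2020-07-15T20:03:30Z login account=victim_a mfa=false ip=203.0.113.9",
    "2020-07-15T20:04:10Z tweet account=victim_a",
    "2020-07-15T20:05:00Z admin_password_reset actor=support_agent_17 account=victim_b",
    "2020-07-15T20:40:00Z login account=victim_b mfa=false ip=203.0.113.9",
    "2020-07-14T10:00:00Z admin_password_reset actor=support_agent_02 account=user_c",
    "2020-07-14T10:02:00Z login account=user_c mfa=true ip=198.51.100.4",
]


def parse_event(line):
    """Parse one constructed audit line into a dict with a datetime 'ts' and 'kind'."""
    ts, kind, *fields = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "kind": kind}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def reset_then_login(events, window=timedelta(minutes=10)):
    """Flag accounts where an admin reset is followed within `window` by a login
    that did not present MFA. Returns (account, admin actor, login ip) tuples."""
    resets = [e for e in events if e["kind"] == "admin_password_reset"]
    logins = [e for e in events if e["kind"] == "login"]
    hits = []
    for reset in resets:
        for login in logins:
            same_account = login["account"] == reset["account"]
            no_mfa = login.get("mfa") == "false"
            in_window = reset["ts"] <= login["ts"] <= reset["ts"] + window
            if same_account and no_mfa and in_window:
                hits.append((reset["account"], reset["actor"], login["ip"]))
    return hits


def reset_bursts(events, threshold=2, window=timedelta(minutes=15)):
    """Flag admin actors who reset `threshold` or more distinct accounts within `window`.
    A support agent legitimately handles resets one at a time; a burst across many
    accounts is the pattern a mass takeover would leave behind."""
    by_actor = defaultdict(list)
    for e in events:
        if e["kind"] == "admin_password_reset":
            by_actor[e["actor"]].append(e)
    flagged = []
    for actor, resets in by_actor.items():
        resets.sort(key=lambda e: e["ts"])
        for i, first in enumerate(resets):
            accounts = {e["account"] for e in resets[i:] if e["ts"] <= first["ts"] + window}
            if len(accounts) >= threshold:
                flagged.append(actor)
                break
    return flagged


def analyse(lines):
    """Parse, sort by time, and run both detections; returns a dict of findings."""
    events = sorted((parse_event(line) for line in lines), key=lambda e: e["ts"])
    return {
        "reset_then_login": reset_then_login(events),
        "burst_actors": reset_bursts(events),
    }


if __name__ == "__main__":
    for name, findings in analyse(SAMPLE_EVENTS).items():
        print(f"{name}: {findings}")
```

On the constructed input, `victim_a` is flagged because the non-MFA login lands 2.5 minutes after the admin reset, `victim_b` is not (the login comes 35 minutes later, outside the window), and `user_c` is not because that login did present MFA; `support_agent_17` is flagged as a burst actor for resetting two distinct accounts within 15 minutes. In a real deployment the two signals would be joined: a burst actor whose resets are each followed by a non-MFA login from the same IP is far stronger evidence than either signal alone.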