Twitter Hack and the Lessons it Leaves Behind


By: Courtney Mazzio

Twitter fell victim to a major cyber attack on Wednesday, July 15, when the accounts for some of the world’s most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. The first public signs of the intrusion came around 3 PM EST, when the Twitter account for the cryptocurrency exchange Binance tweeted a message saying it had partnered with “CryptoForHealth” to give back 5000 bitcoin to the community, with a link where people could donate or send money. Shortly after that, similar tweets went out from the accounts of other cryptocurrency exchanges, and from the Twitter accounts for certain politicians and celebrities including President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple. In immediate response, Twitter blocked new tweets from every verified user, whether compromised or not, and they locked all compromised accounts.

In order to gain access to the user accounts, the attackers targeted certain Twitter employees through a social engineering scheme. In this attack, the attackers successfully manipulated a small number of Twitter employees and used their credentials to access Twitter’s internal systems. As of July 18, Twitter knew that the bad actors accessed tools only available to their internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send the tweets. Twitter’s also reporting that for up to eight of the accounts involved (none were verified accounts), the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity, meaning that information such as private conversations and personal information on those accounts could have been accessed by the attackers.

Though the identities of the hackers are not yet known, there are strong indications that the attack was perpetuated by individuals who specialize in hijacking social media accounts via “SIM swapping,” an increasingly popular form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target’s account. It’s estimated that the bad actors collected over $100,000 through this Twitter scam.

This incident demonstrates that even tech companies with technically sophisticated employees can still fall victim to phishing attacks. Twitter has said it will conduct additional company-wide training to guard against social engineering tactics in order to supplement the training its employees already receive during onboarding, and that employees will receive ongoing phishing exercises throughout the year as well. Training of that type is important not just for companies like Twitter, but really for companies of all sizes and in all industries. Employees continue to be a front line of defense in cybersecurity and no amount of technical safeguards on your computer network can protect against an employee being tricked into disclosing his or her credentials in a social engineering scam. So the moral of the story is: train early, train often, and talk about social engineering and cybersecurity in your workplace.

If you have questions or would like more information, please contact Courtney Mazzio at