AshazTGA
Veteran Member
Posts: 317
| Likes: 102
|
Post by AshazTGA on Jul 15, 2020 22:58:40 GMT
Hey! So, just about an hour ago, loads of celebrities and popular companies including Obama, Musk, Apple and Uber were targeted by hackers.
Hackers posted a Bitcoin scam on the pages and then pinned the message.
Twitter is currently working on the issue.
|
|
tozzit
Veteran Member
Posts: 2,329
| Likes: 1,709
|
Post by tozzit on Jul 15, 2020 23:04:30 GMT
idk what there is to discuss here? this is just a newsflash post basically
|
|
AshazTGA
Veteran Member
Posts: 317
| Likes: 102
|
Post by AshazTGA on Jul 15, 2020 23:19:22 GMT
idk what there is to discuss here? this is just a newsflash post basically well Elon is now doubling any amount sent to his bit wallet |
|
Wild1145
Club 4000 Member
Inactive Player & Inactive Senior Admin
Posts: 10,414
| Likes: 9,680
|
Post by Wild1145 on Jul 16, 2020 8:28:38 GMT
The actual attack vector is pretty interesting on this. Sounds like there was some sort of vulnerability where attackers were able to intercept google voice 2FA Codes, and in addition to that twitter technical staff were being socially engineered to allow attackers access to their infrastructure.
|
|
fionn
Club 4000 Member
Admin Officer
elmon sucks
Posts: 6,157
| Likes: 4,775
|
Post by fionn on Jul 16, 2020 8:40:50 GMT
The actual attack vector is pretty interesting on this. Sounds like there was some sort of vulnerability where attackers were able to intercept google voice 2FA Codes, and in addition to that twitter technical staff were being socially engineered to allow attackers access to their infrastructure. I definitely think it's either a high-level twitter employee abusing the account recovery, or a large-scale third party client got breached (TweetDeck?) |
|
Wild1145
Club 4000 Member
Inactive Player & Inactive Senior Admin
Posts: 10,414
| Likes: 9,680
|
Post by Wild1145 on Jul 16, 2020 8:42:29 GMT
The actual attack vector is pretty interesting on this. Sounds like there was some sort of vulnerability where attackers were able to intercept google voice 2FA Codes, and in addition to that twitter technical staff were being socially engineered to allow attackers access to their infrastructure. I definitely think it's either a high-level twitter employee abusing the account recovery, or a large-scale third party client got breached (TweetDeck?) It's not really clear yet, but twitter have said it was a social engineering attack on senior engineering staff so I'm not really sure what exactly the details of this are yet. I'm currently waiting on the UK's NCSC to publish a statement on it (which hopefully they will) |
|
thecjgcjg
Veteran Member
Posts: 1,459
| Likes: 1,130
|
Post by thecjgcjg on Jul 16, 2020 9:31:13 GMT
I definitely think it's either a high-level twitter employee abusing the account recovery, or a large-scale third party client got breached (TweetDeck?) It's not really clear yet, but twitter have said it was a social engineering attack on senior engineering staff so I'm not really sure what exactly the details of this are yet. I'm currently waiting on the UK's NCSC to publish a statement on it (which hopefully they will) Not much here yet. |
|
Wild1145
Club 4000 Member
Inactive Player & Inactive Senior Admin
Posts: 10,414
| Likes: 9,680
|
Post by Wild1145 on Jul 16, 2020 10:14:19 GMT
It's not really clear yet, but twitter have said it was a social engineering attack on senior engineering staff so I'm not really sure what exactly the details of this are yet. I'm currently waiting on the UK's NCSC to publish a statement on it (which hopefully they will) Not much here yet. That'll teach me to be on a conference call when they publish guidance like that. |
|
