Darkreading.com reported that “Twitter said its investigations so far showed that someone used social engineering to obtain credentials belonging to a small number of employees and then used those credentials to somehow bypass two-factor protections and access a key internal system.” The July 20, 2020 article entitled “Twitter Breach Highlights Privileged Account Security Issue” included these comments:
The attackers used their access to target 130 Twitter accounts, including several belonging to high-profile individuals such as Democratic presidential hopeful Joe Biden, former president Barack Obama, and business leaders including Bill Gates, Jeff Bezos, and Elon Musk.
With 45 of the accounts, the attackers were able to reset the passwords, log into the accounts, and send out tweets — all without alerting the account owners until after the fact.
The tweets urged users to send Bitcoin to an address contained in the message within a specific period and get double the amount in return.
The Twitter attack has raised considerable concern, including among US lawmakers, because of just how influential the platform has become in recent years.
Politicians, activists, and numerous others from around the world use Twitter widely for everything from making policy announcements and communicating business and trade decisions to expressing opinions and garnering support for various causes.
Many have said the attackers could easily have used their access to create substantial havoc by tweeting misleading information on behalf of some of the most influential people on the platform.
Maybe two-factor authentication is insufficient. What do you think?