Twitter’s investigation into a serious cyber attack that took place earlier in July 2020 has found that cyber criminals gained access to its systems through a well-planned and carefully targeted social engineering spearphishing attack on Twitter’s own employees.
The attack took place over the phone, using a technique known as vishing, and succeeded in gaining specific employee credentials that let the attackers gain access to Twitter’s internal support tools. From there, they targeted higher-level employees who had access to critical account support tools.