The recent hack of Twitter for a Bitcoin scam was massive, but the social media site was warned about security issues years before, per reports.
Twitter did move quickly to handle the hack, which affected the accounts of many high-profile people and companies, including Apple, Elon Musk, and Bill Gates.
Twitter had prior warnings
While the quick action taken by the social media giant warrants praise, reports say Twitter had been warned about security issues for several years. It seems that those warnings fell on deaf ears.
It appears that a large number of employees and third-party contractors can access user accounts. Former employees told Bloomberg that the company has 1,500 such individuals working in that capacity. Overall, those 1,500 people oversee the site’s 186 million daily users.
The former employees say that warnings about the increasing number of people with access to user data were given to Jack Dorsey and the board of directors from 2015 through 2019. However, the ex-employees say the warnings were ignored in favor of increasing Twitter's revenue.
Paul Ortiz, a supply chain security consultant, told Bloomberg, “Very few companies understand how vulnerable their operations are to compromise as they expand outside of their headquarters. This risk exponentially increases if third-party contract workers are introduced into the equation.”
Twitter has now required employees to take an online security training course. The course covers a number of different phishing techniques, including phone calls.
In its statement on the incident, Twitter said: “The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.”
While the hack on the social media giant was short-lived, the criminals behind it managed to snag over US$120,000 [AUS$170,000] in Bitcoin. The results could have been far worse had a number of exchanges, such as Coinbase, not moved quickly to block transfers to the scam’s Bitcoin wallet address.