
Twitter 2020 Hack Caused by Fake VPN Login Page

Alina BÎZGĂ

October 20, 2020


The investigative report of the infamous Twitter hack of July 2020 has revealed that the attackers used social engineering skills and phishing links to dupe remote Twitter employees into providing their credentials.

On July 15, 2020, a 17-year-old hacker and his accomplices seized control of dozens of high-profile users' accounts, including those of Barack Obama, Kim Kardashian West, Jeff Bezos, Elon Musk, and Bill Gates, stealing over $118,000 worth of bitcoin from unsuspecting users.

How did the culprits penetrate Twitter's internal network?

According to a New York State Department of Financial Services report, the hackers posed as Twitter IT department workers and deceived several employees working remotely into accessing a fake VPN login page.

“The Twitter Hack started on the afternoon of July 14, 2020, when one or more Hackers called several Twitter employees and claimed to be calling from the Help Desk in Twitter's IT department,” the report said.

“The Hackers claimed they were responding to a reported problem the employee was having with Twitter's Virtual Private Network (“VPN”). The Hackers then tried to direct the employee to a phishing website that looked identical to the legitimate Twitter VPN website and was hosted by a similarly named domain.”

The report underlines that most employees entered their credentials on the fake webpage, allowing the cybercriminals to log in to the legitimate Twitter website at the same time. Although these logins also required multi-factor authentication (MFA) from the Twitter employees, the cyber-thieves convinced them to authenticate, leaving Twitter's internal network exposed.

“The Department found no evidence the Twitter employees knowingly aided the Hackers,” the financial services regulatory authority added. “Rather, the Hackers used personal information about the employees to convince them that the Hackers were legitimate and could, therefore, be trusted. While some employees reported the calls to Twitter's internal fraud monitoring team, at least one employee believed the Hackers' lies.”
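One defensive check that follows from the report's description of a phishing site on "a similarly named domain" is to compare hostnames seen in DNS or proxy logs against the organisation's own brand. The sketch below is an added example, not from the report or this article; the brand `examplecorp`, the owned domain `examplecorp.test` and every sample hostname are constructed placeholders, and treating the last two labels as the registrable domain is a simplifying assumption.

```python
# Added example: flag hostnames that imitate a protected brand but sit outside
# the organisation's own domains. All names below are constructed placeholders.
HOMOGLYPHS = str.maketrans("0135", "oles")  # common digit-for-letter swaps

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, brand, owned):
    """Return a reason string if host looks like an imitation, else None."""
    labels = host.lower().rstrip(".").split(".")
    # Assumption: the registrable domain is the last two labels. A production
    # check should consult the Public Suffix List instead.
    if ".".join(labels[-2:]) in owned:
        return None
    # Everything left of the TLD is free text chosen by whoever registered it.
    tokens = [t for label in labels[:-1] for t in label.split("-") if t]
    for raw in tokens:
        tok = raw.translate(HOMOGLYPHS)
        if tok == brand:
            return "homoglyph of brand" if raw != brand else "brand in unowned domain"
        if brand in tok:
            return "brand embedded in unowned domain"
        if edit_distance(tok, brand) <= 1:
            return "near-match of brand"
    return None

def find_lookalikes(hosts, brand, owned):
    return {h: r for h in hosts if (r := classify(h, brand, owned))}

# Constructed sample of hostnames, as they might appear in DNS or proxy logs.
OBSERVED = [
    "vpn.examplecorp.test",            # legitimate, owned domain
    "examplecorp-vpn.test",            # brand keyword, different registrable domain
    "vpn.examp1ecorp.test",            # digit homoglyph
    "helpdesk-exmplecorp.test",        # one character dropped
    "examplecorp.test.login.invalid",  # owned name used as a subdomain prefix
    "weather.example",                 # unrelated
]

if __name__ == "__main__":
    for host, why in find_lookalikes(OBSERVED, "examplecorp", {"examplecorp.test"}).items():
        print(f"{host}: {why}")
```

A domain check of this kind only covers the lookalike-site step; it does not address the phone-based pretexting or the MFA approval the report describes.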
