Twitter Employees Handed Over VPN Credentials That Led To Infamous July Hack

The huge Twitter hack that occurred back in July came about due to stolen VPN credentials, according to TechRadar. It has now been revealed that Twitter employees were tricked into handing over their account details by hackers that had managed to create a site that looked identical to the genuine VPN login page. The hackers pretended to be from the social network’s internal IT department, telephoning members of staff to ask for the relevant credentials. Such claims were believed because VPN issues were commonplace at the time.

Notify of

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Cybersecurity Specialist
InfoSec Expert
October 20, 2020 9:48 am

Most successful cyberattacks are far from simple – instead, they require multiple elements that must work simultaneously to pull off a full-blown attack, especially for a hack of the magnitude we saw against Twitter. In this current moment, with millions of employees working remotely, it is easier than ever for cybercriminals to socially engineer their intended targets, and taking on the guise of remote IT workers gave Twitter’s attackers a level of legitimacy that allowed this element of the hack to be successful. This tactic clearly fooled those involved, which highlights just how important constant vigilance and awareness are in all companies, no matter how big or small.

We are seeing increasing numbers of high profile attacks, and organisations need to remember that cybercriminals will persistently look for cracks in the system. All too often, cybercriminals find it far simpler to hack a human than a network. Companies must equip staff with the tools they need to protect them from social engineering, especially if they are working remotely. Updated security is vital when many employees are forced to work outside of the better-protected office environment. Threat actors are quick to adapt to changes in the workplace.

Last edited 2 years ago by Jake Moore
Information Security Buzz
Would love your thoughts, please comment.x