Twitter said Thursday night that it has “significantly limited” access to its internal tools after it learned that the high-profile hack earlier this month affecting dozens of major accounts was the result of a phishing attack targeting the phones of a “small number of employees.”
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter said in a tweet.
A phishing attack is a type of cyberattack in which hackers try to trick victims into opening malicious emails or links disguised as legitimate web content.
In addition to clamping down on access to administrative systems, Twitter (TWTR) said it was also accelerating the rollout of “security work streams” that had already been in progress.
The July 15 security incident led to the takeover of accounts belonging to Barack Obama, Joe Biden, Jeff Bezos and many others. The compromised accounts were then used to promote a bitcoin scam.
While the scope of the incident was massive in its own right, it could merely be the tip of a very large iceberg with vast security implications. Cybersecurity experts and policymakers now worry that the bitcoin scam may mask a much more troubling data breach involving the personal communications of the world’s most powerful people.