The attackers that hacked Twitter in July pretended to call from Twitter’s IT department about a VPN issue, then persuaded employees to enter their credentials into a website that looked identical to the real VPN login site.

The claims by the hackers were credible – and successful – because Twitter’s employees were all using VPN connections to work and routinely experienced VPN problems that required IT support, a New York Department of Financial Services (NYDFS) report found.

The Twitter hackers also appear to have conducted research to identify basic functions and titles of Twitter employees so that they could better impersonate Twitter’s IT department. NYDFS says the conversations during the vishing calls may have provided more information about Twitter’s internal operations. Armed with these personal details, the hackers convinced several Twitter employees that they were from the social media company’s IT department and stole credentials.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.