Authorities have charged a Florida teenager and two others with taking part in the security breach, which affected the accounts of Joe Biden, Barack Obama and others. Bail for the alleged “mastermind” of the attacks, 17-year-old Graham Ivan Clark, was set at $725,000, as the Tampa Bay Times reports. Clark allegedly hired 22-year-old Nima Fazeli of Orlando and 19-year-old Mason Sheppard of the United Kingdom “as proxies” to “manipulate” Twitter employees into providing security access.
Meanwhile, Twitter has disclosed that the breach arose out of a “phone spear phishing attack” that “targeted a small number of employees.” The company wrote in a blog post: “A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools.” Using employee credentials, the hackers targeted 130 Twitter accounts, tweeting from 45, accessing the direct messages of 36 and downloading the data of seven, according to the blog post.
Twitter did not confirm how many people had the ability to aid the hackers, TechCrunch reports. More than 1,000 employees and contractors had access to Twitter’s account support tools, according to a Reuters article. Twitter has also provided scant information so far about what specific steps and techniques the hackers purportedly used to manipulate employees. One security commentator called the company’s update “frustratingly opaque on details.”
A timeline assembled by ZDNet based on court documents gives an outside view of how the hack allegedly went down. Chat logs obtained by federal investigators appear to show Clark approaching the other two on the Discord forum OGUsers and claiming he worked at Twitter. More than $117,000 in Bitcoin was allegedly stolen in the scheme.
Twitter has disclosed in regulatory filing that the breach could “impact the market perception of the effectiveness of our security measures.” according to The Washington Post article. The company disclosed that people may lose trust and confidence in us, decrease the use of our products and services or stop using our products and services in their entirety.”
As Politico reports, the top Democrat on the Senate Intelligence Committee has warned of the risks to other tech behemoths. “It’s good to see that this is a domestic criminal case and not a foreign government,” Sen. Mark Warner said in a statement. But he also noted that the case “reveals seams in the security” for all social media users. “This has forced Twitter to review its network security, and employee education protocols. I hope other social media companies are following suit.”