21 July 2020

What Can Be Learnt From Twitter’s 2020 Breach

3 mins read

Table of Contents

Share post

On Wednesday, 15th July 2020, Twitter suffered what is said to be the worst cyber-attack on a social media platform on record. The cyber-attack caught the eyes of media globally due to the high profile accounts that were successfully exploited. Twitter were quick to react to the account breach which is reported to have been caused by several social engineering attacks targeted at Twitter employees.

What happened 

Cybercriminals managed to gain access to Twitter’s internal systems by socially engineering certain Twitter employees to reveal login credentials. 

In this context, social engineering is intentionally manipulating people into performing certain actions and divulging confidential information. 

In a blog published by Twitter on Saturday, 18 July 2020, they said:

The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.

Among the hacked accounts were President Barack Obama, Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, the Apple and Uber corporate accounts, and pop star Kanye West.

For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through the “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. None of these eight were “verified” accounts.

The scam

The intention of the scam was clear; the attackers were attempting to use high profile accounts with large followings to spew messages around investing in bitcoin. When a victim of the attack goes to send funds, they are directed to a corrupt checkout page which has a direct link to the cybercriminals. The most commonly seen message was:

I have decided to give back to my community.

All bitcoin sent to the address below will be doubled! If you send $1,000, I will send $2,000 back!

Only doing this for 30 minutes.


When appearing from a reputable and “verified” account, this message can be seen as quite compelling.

Criminals even based one message around COVID-19 on the official Uber account. This is just the latest way that cybercrime is being generated from the pandemic.

For their efforts, the scammers reportedly received 400 payments in bitcoin, with a total value of $121,000, according to an analysis of the Bitcoin blockchain.

Social engineering attacks on the rise

The nature of this attack proves that no matter the size of your organisation, or the security measures you have in place, you are still at risk to cybercrime. The key lesson that organisations can take away from this attack is that it is the employees who pose the biggest risk. At the centre of more than 90% of cyber-attacks, employees often hold the keys required for criminals to gain access to internal systems, data and finances.

In this case, it was certain employees who were targeted with social engineering to reveal their own login credentials to internal systems. This was all the cybercriminals needed to gain access to carry out the attack.

Currently, there is no technology which can prevent an employee from divulging sensitive information. The only way you can truly protect your organisation and employees is by regularly training them on the modern threat landscape, provide testing to give measurable results on your susceptibility to cybercrime and allocate additional training and support to those who continue to be a risk. Our Security Awareness Training and Testing service is the solution to this exact problem.

Find out more about our leading Security Awareness Training and Testing service here →

Woman typing on laptop in a dark room with light overhead

12 February 2024

Penetration Testing vs Vulnerability Scanning: Why your organisation might need them

Man with glasses typing on laptop with light shining down

5 February 2024

Best Practice for Business Passwords 2024

Man and woman sitting opposite one another typing on laptops

18 December 2023

UK Small Businesses Need to Invest in Cyber Security