Share this article
Twitter Says 'Phone Spear Phishing' Let Hackers Gain Employee Credentials
Twitter has provided an update on what happened the day the social media giant lost control over its platform.
Updated Sep 14, 2021, 9:38 a.m. Published Jul 31, 2020, 4:00 a.m.
Twitter revealed that a number of employees fell victim to a "phone spear-phishing attack" in a new update on how its systems were compromised in the social media giant's largest hack to date on July 15, according to a blog post shared Thursday.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
- A spear-phishing attack is a targeted attempt to steal information such as account details or financial information from a particular individual, in this case, Twitter employees via their phones.
- The success of the hack hinged on two key factors – that the hacker(s) gained access to Twitter's internal network and that they obtained the credentials from specific Twitter employees.
- The credentials of the employees provided "god mode" access to Twitter's internal support tools, blockchain startup Make Sense Labs' CTO Ben Sigman previously told CoinDesk.
- According to Twitter, not all employees that had been targets of the phishing attack had the necessary permissions to use account management tools.
- The hackers instead gained access to Twitter's internal systems and discovered further information relating to the social media giant's processes allowing the hackers to target employees who did have that access to support management tools. The New York Times previously reported the hackers found additional credentials in the company's Slack server.
- The hacker(s) targeted 130 Twitter accounts, tweeting bitcoin giveaway scams and accessing the DM inbox from 36 accounts including CoinDesk's.
- Twitter said the attack relied on a "significant and concerted effort" to mislead particular employees and "exploit human vulnerabilities" in order to gain access to its platform.
- Since the hack, Twitter said it has "significantly" limited access to its internal support management tools to "ensure ongoing account security" while it finalizes its investigation.
- For the time being, features such as its "Your Twitter Data" and processes have been impacted by the limitation of its tools.
- A detailed technical report on the hack is expected to be released at a later date as Twitter awaits ongoing law enforcement investigations and further work to safeguard its platform.
See also: Twitter Hack: Chainalysis and CipherTrace Confirm FBI Investigation
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
U.S. Interest Rates, Do Kwon Sentencing: Crypto Week Ahead
Your look at what's coming in the week starting Dec. 8.
What to know:
You are reading Crypto Week Ahead: a comprehensive list of what's coming up in the world of cryptocurrencies and blockchain in the coming days, as well as the major macroeconomic events that will influence digital asset markets. For an updated daily email reminder of what's expected, click here to sign up for Crypto Daybook Americas. You won't want to start your day without it.
Top Stories
