To run our business, we have teams around the world that help with account support. There has been concern following this incident around our tools and levels of employee access.
![reviews of reason core security failed reviews of reason core security failed](https://research-assets.cbinsights.com/2017/11/15150149/startup-failures-feature-image-05.15.2018.jpg)
Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7. This knowledge then enabled them to target additional employees who did have access to our account support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. We will provide a more detailed technical report on what occurred at a later date given the ongoing law enforcement investigation and after we’ve completed work to further safeguard our service.
![reviews of reason core security failed reviews of reason core security failed](https://i.pcmag.com/imagery/reviews/03PUiaNxu7JJnmMyX5u1WB1-9..v1569469922.jpg)
REVIEWS OF REASON CORE SECURITY FAILED UPDATE
Last updated on July 30, 2020, at 5:45 PM PT with new sections below on “What we know now” and “What we’re doing to protect our service”.Īs our investigation continues, we’re sharing an update to answer some of the remaining questions based on what we’ve discovered to date.