General > General Technical Chat

Twitter Hackage

<< < (4/10) > >>

tom66:
That's ridiculous.

Ed.Kloonk:

--- Quote from: magic on July 16, 2020, 06:07:16 am ---The first point of eti's being wrong doesn't preclude the other from being spot on :P

In my days, we simply called it a hack ::)

--- End quote ---

In my day, I remember a couple of people who pointed out that innocuous hackers are annoyed that they are lumped in with 'crackers' who attack and crack things, like Twitter.

Of course I understand the problem with calling people crackers.

Maybe we should call the people who attacked twitter what they are: terrorists.

RenThraysk:
They could be terrorists if there was a political motivation. But seems there was none atm.

magic:

--- Quote from: Ed.Kloonk on July 19, 2020, 04:21:54 pm ---In my day, I remember a couple of people who pointed out that innocuous hackers are annoyed that they are lumped in with 'crackers' who attack and crack things, like Twitter.

--- End quote ---
I'm familiar with this concept but it failed to gain traction so much that I didn't even remember about it while writing that post :)
The only people legitimately called "crackers" are those making software cracks, sorry. I'm afraid that pwning websites is simply hacking.

DrG:
A few details speculating on what might have happened.  How the initial compromise of a number of so-called admin accounts was accomplished is not not detailed.

https://www.cnn.com/2020/07/17/tech/former-twitter-employees-sleuthing/index.html
https://www.cnn.com/2020/07/26/tech/twitter-hack-remote-working-security-risks/index.html

"Twitter said the breach was the result of a coordinated "social engineering" attack that targeted workers who had administrative privileges, with the aim of taking control of the accounts." translated from weasel-speak to English: We are either not saying or we have no freaking idea how they got so many admin passwords that had no two-factor authentication or any kind of sophisticated security.

I was a little shocked to learn (if this was not speculation) that the admin accounts could disable two-factor authentication for user accounts as well as email address to send password reset instructions. That is, hack that and get a pw reset and you have it. Why do you need so many though? To keep it going for a few minutes? I don't know, but the initial reaction was to lock down accounts.

BTW: I don't have a Twitter account.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod