How was the 2020 Twitter Hack carried out? How could it have been prevented?

On July 15, 2020, several verified Twitter accounts with millions of followers were compromised in a cyberattack. Many of the hacked accounts were protected using two-factor authentication, which the hackers were somehow able to bypass.

Hacked accounts included Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Mike Bloomberg, Warren Buffett, Kim Kardashian, Kanye West, Benjamin Netanyahu, and several high-profile tech companies, including Apple and Uber.

The hackers posted variations of a message asking followers to transfer thousands of dollars in Bitcoin, with the promise that double the donated amount would be returned.

How could Twitter have been better prepared for this? How do you rate their response?

PeerSpot user
67 Answers

Menachem D Pritzker (PeerSpot (formerly IT Central Station))

@Ken Shaurette thanks! I missed it live, will catch the recording when I get a chance. What security platforms do you think would have done the best job at preventing the hack?

Ken Shaurette - PeerSpot reviewer
Top 5, Leaderboard, Real User

I like the potential for catching unusual activity like that with our recently implemented endpoint detection tool, Cynet360. It seems so far to have about the highest level of transparency into the endpoint with a 24x7x365 backing of monitoring.

Prasanna VA - PeerSpot reviewer
Top 5, Real User

It's understood that an internal tool was probably shared by an internal employee, as the RCA. The tool was used to reset the associated mail address of the account, and thereby the password reset of choice. In MFA for identity-related features, it's more secure to keep it with an associated mobile secure PIN or SoftCrypto code in future to avoid compromise; at this moment, that is the lesson learned.

Joke - PeerSpot reviewer
Top 5, Real User

The use of two-factor authentication by Twitter

Paresh Makwana - PeerSpot reviewer
Top 5, Leaderboard, Reseller

This is an identity theft issue, which means someone hacks your password or account and does activity which he or she is not supposed to do. The basic reason for the hack of your identity or password is social engineering. The second reason is that the system has weak privileged access management. If you have less control over admin IDs or privileged IDs, then the entire firm has to suffer along with the customers of that firm. For me the takeaway of this event is to protect privileged IDs and use a good PAM/PIM tool with two-factor and UBA included.
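One way to detect the sequence Prasanna VA describes (an internal tool changing an account's email address, followed by a password reset) and to apply the per-admin behaviour monitoring Paresh Makwana recommends. This is an added example, not code from any poster or from Twitter's tooling; the log schema, action names and thresholds are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log for a hypothetical internal support tool:
# (timestamp, staff_id, action, target_account). Schema and values are assumptions.
SAMPLE_EVENTS = [
    ("2024-01-01T19:00:05", "staff_17", "email_change", "acct_a"),
    ("2024-01-01T19:01:10", "staff_17", "password_reset", "acct_a"),
    ("2024-01-01T19:03:00", "staff_17", "email_change", "acct_b"),
    ("2024-01-01T19:03:40", "staff_17", "password_reset", "acct_b"),
    ("2024-01-01T19:06:00", "staff_17", "email_change", "acct_c"),
    ("2024-01-01T19:07:30", "staff_17", "password_reset", "acct_c"),
    ("2024-01-01T10:00:00", "staff_04", "email_change", "acct_d"),
    ("2024-01-01T16:00:00", "staff_04", "password_reset", "acct_d"),  # hours apart
    ("2024-01-01T11:00:00", "staff_09", "password_reset", "acct_e"),  # no email change
]

def takeover_sequences(events, window=timedelta(minutes=15)):
    """Return (staff_id, account, reset_time) for each email_change that is
    followed by a password_reset on the same account within `window`."""
    last_change = {}  # account -> (time, staff_id) of the latest email change
    hits = []
    for ts, staff, action, account in sorted(events):
        when = datetime.fromisoformat(ts)
        if action == "email_change":
            last_change[account] = (when, staff)
        elif action == "password_reset" and account in last_change:
            changed_at, changer = last_change.pop(account)
            if when - changed_at <= window:
                hits.append((changer, account, when))
    return hits

def flag_staff(events, min_accounts=3, burst=timedelta(hours=1)):
    """Return {staff_id: accounts} where one privileged ID ran the sequence on
    at least `min_accounts` distinct accounts inside a single `burst` window."""
    by_staff = defaultdict(list)
    for staff, account, when in takeover_sequences(events):
        by_staff[staff].append((when, account))
    flagged = {}
    for staff, seqs in by_staff.items():
        seqs.sort()
        for start, _ in seqs:
            accounts = {a for t, a in seqs if start <= t <= start + burst}
            if len(accounts) >= min_accounts:
                flagged[staff] = sorted(accounts)
                break
    return flagged
```

The single slow change by `staff_04` and the lone reset by `staff_09` are not flagged; only the burst of change-then-reset pairs from one privileged ID is.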

Russell Webster - PeerSpot reviewer
Real User

Span of control, Solid RBAC, Privileged Access Management (PAM) 
