Twitter has revealed a little more detail about the security breach it suffered earlier this month when a number of high profile accounts were hacked to spread a cryptocurrency scam — writing in a blog post that a “phone spear phishing attack” was used to target a small number of its employees.
Once the attackers had successfully gained network credentials via this social engineering technique they were in a position to gather enough information about its internal systems and processes to target other employees who had access to account support tools which enabled them to take control of verified accounts, per Twitter’s update on the incident.