Sign up to save your podcasts
Or
Share The Twitter/X Breach — July 2020
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Twitter/X Breach — July 2020
On July 15, 2020, the verified Twitter accounts of Barack Obama, Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, Apple, and Uber were hijacked simultaneously. Every account posted the same Bitcoin scam. The attacker was a 17-year-old in Tampa, Florida.
This episode reconstructs how a series of phone calls defeated Twitter's multi-factor authentication through a real-time credential relay, how a single admin tool called Agent Tools gave unrestricted access to every account on the platform, and how the attack escalated from stealing OG usernames to hijacking the accounts of world leaders. The New York Department of Financial Services investigated and found five specific security controls that would have prevented the breach — all of which existed, were documented, and were available. None were deployed.
Based on the NY DFS Report (October 14, 2020), United States v. Graham Ivan Clark, and Twitter's own incident disclosures.
📄 Free technical breakdown PDF: zerodaylogs.com
0:00 — Introduction
0:50 — The Phone Call
2:33 — Real-Time Credential Relay
3:59 — Why MFA Failed
6:04 — Agent Tools: The God Mode Panel
7:06 — Inside the Admin System
9:23 — Three Phases of the Attack
12:22 — The Cascade: World Leaders Hijacked
14:34 — Twitter Breaks Its Own Platform
17:02 — The Damage Report
17:47 — The Deeper Harm: Private Messages
19:23 — Tracing the Attackers
21:44 — Arrests and Sentencing
24:38 — No CISO
25:16 — Five Missing Controls
28:44 — Why Security Controls Go Undeployed
29:01 — Should Platforms Be Stress Tested?
30:30 — What Twitter Changed After the Breach
31:39 — The Pattern Repeats: MGM 2023
32:33 — The Question That Remains
#cybersecurity #twitter #databreach #infosec #zerodaylogs
View all episodes
By ZDLOn July 15, 2020, the verified Twitter accounts of Barack Obama, Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, Apple, and Uber were hijacked simultaneously. Every account posted the same Bitcoin scam. The attacker was a 17-year-old in Tampa, Florida.
This episode reconstructs how a series of phone calls defeated Twitter's multi-factor authentication through a real-time credential relay, how a single admin tool called Agent Tools gave unrestricted access to every account on the platform, and how the attack escalated from stealing OG usernames to hijacking the accounts of world leaders. The New York Department of Financial Services investigated and found five specific security controls that would have prevented the breach — all of which existed, were documented, and were available. None were deployed.
Based on the NY DFS Report (October 14, 2020), United States v. Graham Ivan Clark, and Twitter's own incident disclosures.
📄 Free technical breakdown PDF: zerodaylogs.com
0:00 — Introduction
0:50 — The Phone Call
2:33 — Real-Time Credential Relay
3:59 — Why MFA Failed
6:04 — Agent Tools: The God Mode Panel
7:06 — Inside the Admin System
9:23 — Three Phases of the Attack
12:22 — The Cascade: World Leaders Hijacked
14:34 — Twitter Breaks Its Own Platform
17:02 — The Damage Report
17:47 — The Deeper Harm: Private Messages
19:23 — Tracing the Attackers
21:44 — Arrests and Sentencing
24:38 — No CISO
25:16 — Five Missing Controls
28:44 — Why Security Controls Go Undeployed
29:01 — Should Platforms Be Stress Tested?
30:30 — What Twitter Changed After the Breach
31:39 — The Pattern Repeats: MGM 2023
32:33 — The Question That Remains
#cybersecurity #twitter #databreach #infosec #zerodaylogs