--- title: "You’ll Never Guess What was Behind the Great Twitter Hack: Phishing | Phish Protection" description: "If you haven" image: "https://phishprotection.com/og/blog/you-will-never-guess-what-was-behind-the-great-twitter-hack-phishing.png" canonical: "https://phishprotection.com/blog/you-will-never-guess-what-was-behind-the-great-twitter-hack-phishing/" --- Quick Answer If you haven't already heard, \*\*Twitter was hacked\*\* recently and some pretty high-profile people like Barack Obama and Elon Musk had their accounts compromised. \_When such a powerful tech company as Twitter gets taken like that, the first impulse is to assume it's some band of sophisticated hackers or a rogue nation employing some leading-edge network penetration technology that does the damage\_. But in the case of Twitter, as with most high-profile attacks, nothing could be further from the truth. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fyou-will-never-guess-what-was-behind-the-great-twitter-hack-phishing%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=You%26%238217%3Bll%20Never%20Guess%20What%20was%20Behind%20the%20Great%20Twitter%20Hack%3A%20Phishing&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fyou-will-never-guess-what-was-behind-the-great-twitter-hack-phishing%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fyou-will-never-guess-what-was-behind-the-great-twitter-hack-phishing%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fyou-will-never-guess-what-was-behind-the-great-twitter-hack-phishing%2F&title=You%26%238217%3Bll%20Never%20Guess%20What%20was%20Behind%20the%20Great%20Twitter%20Hack%3A%20Phishing "Share on Reddit") [ ](mailto:?subject=You%26%238217%3Bll%20Never%20Guess%20What%20was%20Behind%20the%20Great%20Twitter%20Hack%3A%20Phishing&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fyou-will-never-guess-what-was-behind-the-great-twitter-hack-phishing%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2020/08/phishing-attack-prevention-2314.jpg) If you haven’t already heard, **Twitter was hacked** recently and some pretty high-profile people like Barack Obama and Elon Musk had their accounts compromised. _When such a powerful tech company as Twitter gets taken like that, the first impulse is to assume it’s some band of sophisticated hackers or a rogue nation employing some leading-edge network penetration technology that does the damage_. But in the case of Twitter, as with most high-profile attacks, nothing could be further from the truth. Now that the [truth has come out](https://www.tampabay.com/news/crime/2020/07/31/17-year-old-in-tampa-arrested-for-hack-of-prominent-twitter-accounts/), _we know that the person who has been arrested as the mastermind behind the attack is a 17-year-old from Tampa, Florida_. And his technology of choice for causing such havoc? Phishing, of course. _It’s almost always phishing_. Now, to pull off such a successful **phishing attack**, required the hackers to gain access to at least one of the more than [1,000](https://www.reuters.com/article/us-twitter-cyber-access-exclusive-idUSKCN24O34E) Twitter employees who “_had access to internal tools that could change user account settings and hand control to others_.” But to accomplish such a feat, did the hackers have to phish one of these employees? Surprisingly not. ![Phishing attack prevention](https://media.mailhop.org/phishprotection/images/2020/08/phishing-attack-prevention-2314.jpg) According to [HelpNetSecurity](https://www.helpnetsecurity.com/2020/07/31/twitter-employees-spear-phished/), “To pull off the attack, _attackers had to obtain access to Twitter’s internal network AND specific employee credentials that granted them access to internal support tools_.” But the attack only targeted a small number of employees at first. And “Not all of the employees that were initially targeted had permissions to use account management tools.” What the attackers did is what most attackers do: _use phishing to phish anybody just to get inside the network_. Then, once inside the network, phishing additional people becomes that much easier, and that’s exactly what they did. According to Twitter, “This knowledge then enabled them to target additional employees who did have access to our account support tools.” _The Twitter hack is a perfect example of the fact that your email security is only as good as your weakest link_. Successfully phishing one employee is like phishing them all. You really do need to get near 100% security to really be secure. It’s why [employee awareness training](/blog/phishing-awareness-training-is-getting-some-large-investments/) alone won’t do it. We know from research, at best, that’s **only 98% effective**. If you want to get close to 100% effective email security, you’re going to have to take the responsibility for that security out of the hands of your employees and let technology do it for you. Technology like [Phish Protection](/). ![Phishing email prevention](https://media.mailhop.org/phishprotection/images/2020/08/phishing-email-prevention-2210.jpg) Phish Protection has three advantages over your employees. First, it’s cloud based, which means _it analyzes emails BEFORE they hit the inbox and keeps the malicious ones out altogether_. You can’t get phished from an email that never hits your inbox. Second, it operates in real-time. _That means even if the phishing email wasn’t malicious 10 second ago, if it’s malicious now, Phish Protection will know it and keep it out of your inbox_. And finally, since Phish Protection looks “under the hood” at the actual code of the email, _it doesn’t get fooled by some fancy hacker tricks like display name spoofing and **domain name spoofing**_. If you’re ready to protect your organization by protecting everyone in your organization, try Phish Protection for **free for 60 days**. _Phish Protection will keep your company out of the headlines_. ## Topics [ Phishing ](/tags/phishing/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 4m 13 Spear Phishing Attacks Examples To Justify Investment For Phishing Prevention Solutions In Your Organization Aug 1, 2019 ](/blog/13-spear-phishing-attacks-examples-to-justify-investment-for-phishing-prevention-solutions-in-your-organization/)[ Foundational 4m All 14 centers of Kettering Health were affected by a massive ransomware attack, Major outage in the Ohio medical center May 23, 2025 ](/blog/14-centers-of-kettering-health-were-affected-by-massive-ransomware-attack-in-ohio-medical-center/)[ Foundational 4m 2021 Phishing Trends You Need To Be Wary Of Aug 2, 2021 ](/blog/2021-phishing-trends-to-be-wary-of/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"You’ll Never Guess What was Behind the Great Twitter Hack: Phishing","description":"If you haven't already heard, Twitter was hacked recently and some pretty high-profile people like Barack Obama and Elon Musk had their accounts compromised.","url":"https://phishprotection.com/blog/you-will-never-guess-what-was-behind-the-great-twitter-hack-phishing/","datePublished":"2020-08-06T15:16:48.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2020-08-06T15:16:48.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/you-will-never-guess-what-was-behind-the-great-twitter-hack-phishing/"},"articleSection":"foundational","keywords":"Phishing","wordCount":554,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2020/08/phishing-attack-prevention-2314.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"You’ll Never Guess What was Behind the Great Twitter Hack: Phishing","item":"https://phishprotection.com/blog/you-will-never-guess-what-was-behind-the-great-twitter-hack-phishing/"}]} ```