The Register
Twitter has revealed more about the July 15 attack that saw several prominent accounts hijacked to promote a Bitcoin scam.
The Saturday, July 18 update admits the attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.
You read that right: even 2FA failed.