They were security personnel. How does your security team not realize that someone asking for your credentials may not be who they claim to be? You are in security. You are supposed to be on the look out for phishing schemes. You should not be falling for phishing scams yourself. 🤦🏻♂️
The company said several Twitter employees were targeted in a “phone spear phishing attack,” which presumably means that hackers called up Twitter employees while posing as colleagues or members of Twitter’s own security team, and got them to reveal their credentials.