Twitter confirms DMs were accessed in last week’s major hack

Twitter has revealed more information about the major hack involving a Bitcoin scam that targeted dozens of high-profile accounts on its service on Wednesday, July 15.

The company said in a tweet on Wednesday, July 22, that following a complete review of all of the impacted  Twitter accounts, it believes that “for up to 36 of the 130 targeted accounts, the attackers accessed the DM [direct message] inbox, including 1 elected official in the Netherlands.” Twitter did not name the elected official.

Although it declined to offer specific information on the other 35 accounts whose DMs were possibly accessed, it added that so far there is no evidence to suggest the hackers accessed the DMs of any other former or current elected official. In other words, Barack Obama and Joe Biden — if they use the DM function — can breathe a sigh of relief.

As for the likes of Bill Gates, Elon Musk, Jeff Bezos, and Kanye West, who were among some of the other high-profile individuals targeted in the hack, it appears at this stage that their messages could have been accessed.

The scam involved a fake tweet encouraging followers to send payments to a Bitcoin wallet. The ruse had some success, too, as data on Blockchain.com revealed that more than $115,000 via 392 transactions was sent to the Bitcoin wallet posted in the messages.

As soon as Twitter spotted the attack last week, it locked down the affected accounts and removed the fake tweets. The company said it had been the victim of “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

The hack message on Bill Gates’ account. We have removed the account number linked by the scammers. Digital Trends

Later on Wednesday, Twitter also repeated some of the findings it uncovered last week, saying the perpetrators downloaded data from eight accounts via its “Your Twitter Data” tool, adding that none of these included verified accounts.

To recap:
????130 total accounts targeted by attackers
????45 accounts had Tweets sent by attackers
????36 accounts had the DM inbox accessed
????8 accounts had an archive of “Your Twitter Data” downloaded, none of these are Verified

— Twitter Support (@TwitterSupport) July 23, 2020

Twitter said it is continuing to communicate directly with the account holders that were impacted by the hack. The FBI is also investigating the incident.

Digital Trends has asked Twitter if it can offer any additional information at this stage and we will update this article when we hear back.

Updated to include Twitter’s recap.

Editors' Recommendations