Some accounts had private messages stolen in Twitter hack

Twitter has shared more details about how dozens of high-profile accounts were accessed and used to promote a cryptocurrency scam this week.

Twitter has already revealed that around 130 accounts were targeted in the hack, including the accounts of prominent political figures like Barack Obama and Joe Biden, cryptocurrency enthusiast Elon Musk, and other celebrities like Kanye West.

The company announced that the attack had been made possible due to “a social engineering scheme” in which cybercriminals targeted Twitter employees using “intentional manipulation of people into performing certain actions and divulging confidential information.”

Describing the scheme in more detail, Twitter said that attackers managed to trick or manipulate employees into handing over their credentials. The attackers then used these credentials to get inside Twitter’s systems, getting past the two-factor authentication protections and using an internal management tool for resetting passwords.

Of the 130 targeted accounts, the attackers were able to reset the passwords and log in to 45 accounts. This resulted in the sending of the cryptocurrency scam tweets. But many are worried that the attackers may have done even more damage, as they had full access to these accounts. A particular worry was whether the attackers would have been able to access private content such as direct messages.

It seems that, for at least some of the targets, that fear was well-founded. Twitter announced that, “For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our ‘Your Twitter Data’ tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity.”

The Your Twitter Data tool gives a complete list of account activity which, according to The Verge, includes an archive of direct messages. This data may even include deleted direct messages, which is an extra worry. The concern is that these personal messages could be used for blackmail or spread around maliciously.

Twitter did confirm that, of the eight accounts that had their data downloaded, none were verified, and that it has reached out to all eight people to let them know. The company has said it will not be announcing the identity of these accounts publicly.

Twitter is conducting an investigation into what happened and how it can improve the security of its systems. The company acknowledges the huge loss of public trust in its services, saying, “We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice.”

Georgina Torbet
Georgina is the Digital Trends space writer, covering human space exploration, planetary science, and cosmology. She…