Twitter say hackers accessed private messages of 36 accounts

23 July 2020, 12:26

Twitter have said a number of direct messages could have been accessed
Twitter have said a number of direct messages could have been accessed. Picture: PA

By Maddie Goodfellow

As many as 36 of the accounts hit by a cyber attack on Twitter last week had their private inbox accessed, the social media site has said.

Providing an update on the security incident in which around 130 accounts were hijacked and messages about cryptocurrency posted, Twitter said an elected official in the Netherlands was among those who had their personal messages on the site accessed.

Twitter said that, of the 36 accounts whose DMs were accessed, there was no indication that any other former or current politician had their messages compromised.

The site has also confirmed that a further eight separate accounts also had personal data downloaded by the hackers using the Your Twitter Data feature, which sends the user a file of all their Twitter activity, including Direct Message correspondence.

It added that none of these eight accounts were verified users.

The company previously confirmed that the attackers had successfully targeted Twitter employees with access to internal systems and tools in order to get into the company's system.

Now, the social media giant has said the hackers were not able to view previous account passwords but were able to see other personal information including email addresses and phone numbers because there are "displayed to some users of our internal support tools".

Twitter also said that "in cases where an account was taken over by the attacker, they may have been able to view additional information", but that its investigation into the incident is continuing.

The cyber attack last week saw former US president Barack Obama, Microsoft founder Bill Gates and rapper Kanye West among the high-profile accounts affected, leading to questions about Twitter's security defences.

Tweets were simultaneously posted promoting a Bitcoin scam, promising followers they would receive double the amount of money back if they transferred funds to a digital wallet.

It is believed victims sent about $120,000 (£93,600) in Bitcoin to the perpetrators, and the sum would have been larger if a crypto-currency exchange had not blocked further transfers.

The accounts of Elon Musk, Joe Biden, Jeff Bezos, Kim Kardashian West, Mike Bloomberg, Apple and Uber are also known to have been hit.

Immediately following the attack, cyber security experts warned that personal information seen during the breach could be leaked in future.

Twitter has also come under scrutiny for the security around its internal systems and the employees who have access to data-sensitive areas of the site.

To combat the hack, Twitter stopped all verified 'blue-tick' accounts from posting anything as it investigated the issue.

Founder Jack Dorsey said: "We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened."

In a follow-up statement, posted in the early hours of Thursday morning, the social media giant confirmed it is continuing its investigation but updated users on what it believed had happened during the hack.

It claimed the hackers targeted the firm's employees who have access to the app's internal systems and tools, while the company is exploring whether any other malicious activity took place.

The tech giant's full statement read: "Our investigation is still ongoing but here’s what we know so far.

"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.

"We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

"Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.

"We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.

"This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.

"We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.

"Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues."