Twitter say hackers accessed private messages of 36 accounts

23 July 2020, 12:26

Twitter have said a number of direct messages could have been accessed
Twitter have said a number of direct messages could have been accessed. Picture: PA

By Maddie Goodfellow

As many as 36 of the accounts hit by a cyber attack on Twitter last week had their private inbox accessed, the social media site has said.

Providing an update on the security incident in which around 130 accounts were hijacked and messages about cryptocurrency posted, Twitter said an elected official in the Netherlands was among those who had their personal messages on the site accessed.

Twitter said that, of the 36 accounts whose DMs were accessed, there was no indication that any other former or current politician had their messages compromised.

The site has also confirmed that a further eight separate accounts also had personal data downloaded by the hackers using the Your Twitter Data feature, which sends the user a file of all their Twitter activity, including Direct Message correspondence.

It added that none of these eight accounts were verified users.

The company previously confirmed that the attackers had successfully targeted Twitter employees with access to internal systems and tools in order to get into the company's system.

Now, the social media giant has said the hackers were not able to view previous account passwords but were able to see other personal information including email addresses and phone numbers because there are "displayed to some users of our internal support tools".

Twitter also said that "in cases where an account was taken over by the attacker, they may have been able to view additional information", but that its investigation into the incident is continuing.

Cyber security expert explains what is behind the twitter hack

The cyber attack last week saw former US president Barack Obama, Microsoft founder Bill Gates and rapper Kanye West among the high-profile accounts affected, leading to questions about Twitter's security defences.

Tweets were simultaneously posted promoting a Bitcoin scam, promising followers they would receive double the amount of money back if they transferred funds to a digital wallet.

It is believed victims sent about $120,000 (£93,600) in Bitcoin to the perpetrators, and the sum would have been larger if a crypto-currency exchange had not blocked further transfers.

The accounts of Elon Musk, Joe Biden, Jeff Bezos, Kim Kardashian West, Mike Bloomberg, Apple and Uber are also known to have been hit.

Immediately following the attack, cyber security experts warned that personal information seen during the breach could be leaked in future.

Twitter has also come under scrutiny for the security around its internal systems and the employees who have access to data-sensitive areas of the site.

Twitter puts fact-check warning on Trump tweets

To combat the hack, Twitter stopped all verified 'blue-tick' accounts from posting anything as it investigated the issue.

Founder Jack Dorsey said: "We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened."

In a follow-up statement, posted in the early hours of Thursday morning, the social media giant confirmed it is continuing its investigation but updated users on what it believed had happened during the hack.

It claimed the hackers targeted the firm's employees who have access to the app's internal systems and tools, while the company is exploring whether any other malicious activity took place.

The tech giant's full statement read: "Our investigation is still ongoing but here’s what we know so far.

"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.

"We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

"Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.

"We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.

"This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.

"We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.

"Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues."

Latest News

See more Latest News

Mark Menzies

Police reviewing claims Tory MP Mark Menzies misused campaign funds to 'pay off bad people'
Paramedics attended to a person who lit themselves on fire near Manhattan Criminal Court

Horror as man sets himself on fire outside Donald Trump's hush money trial in New York

Jonathan Hogg was attacked by the xl bully (stock image) in Leigh.

Father, 37, mauled to death by XL Bully had 'worst injuries doctor had seen' from 15-minute attack
An Iranian journalist has said working in the UK is a huge risk.

London is our warzone: Iranian journalist says working in UK is huge risk as ex-minister suggests cutting ties with country
Murder inquiry launched after a woman's body found at the Pennyhill Park Hotel in Surrey

Murder probe launched after woman in her 50s is found dead in luxury five-star hotel

Fiona Beal admitted manslaughter on Friday.

Primary school teacher admits manslaughter of partner whose body was found tied-up and buried in garden

World News

See more World News

Donald Trump in court

Full jury of 12 and six alternatives selected in Donald Trump hush money trial

8 mins ago

Trump Hush Money

Police to review security at Trump courthouse after man sets himself on fire

8 mins ago

Donald Trump

Trump’s hush money case to go ahead after judge rejects latest bid to delay

8 mins ago

The News Explained

Rishi Sunak outside 10 Downing Street

Rishi Sunak facts: Height, wife, children and policies revealed

Ages ago

Big Freeze

Arctic blast sets off government's Cold Weather Payment - but are you eligible for the £25 off energy bills?

Ages ago

Armistice Day marks the signing of the armistice in 1918

Armistice Day: What is it about and when will the two-minute silence be held?

Ages ago

More Topics

See more More Topics

War in Ukraine

Cost of Living Crisis

UK Strikes

Immigration

Crime & Police

London

NHS

Brexit