Hackers directly accessed the DM inbox of 36 out of 130 people, including an elected representative from the Netherlands, Twitter announced on Thursday.
Twitter, however, is confident that the attackers were unable to access user passwords. In a detailed blog post, Twitter stated:
“The most important question for people who use Twitter is likely — did the attackers see any of my private information? For the vast majority of people, we believe the answer is, no. For the 130 accounts that were targeted, here is what we know as of today.
· Attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
· Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools.
· In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing.
We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed.”
Last Thursday, high-profile Twitter accounts, including those of former President Barack Obama, Democratic presidential front-runner Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk, were hacked, and the attackers posted tweets soliciting donations via Bitcoin.
"Feeling grateful doubling all payments sent to my BTC address! You send $1,000, I send back $2,000! Only doing this for the next 30 minutes," read Elon Musk's now-deleted tweet.
After an initial investigation, Twitter said that they detected a coordinated social engineering attack by people who successfully targeted some of their employees with access to internal systems and tools. This access was used to take control of many highly-visible accounts and tweet on their behalf.
Twitter CEO Jack Dorsey said that it was a tough day for them and that he felt terrible that this happened.
Now, the company has revealed that the attackers targeted 130 Twitter accounts and were able to initiate a password reset, log in to the account, and tweet from 45 of them.
"The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames," the company said.
However, the company said that the attackers were not able to view previous account passwords of the 130 accounts. The attackers were, however, able to view personal information including email addresses and phone numbers.
"We are continuing our investigation of this incident, working with law enforcement, and determining longer-term actions we should take to improve the security of our systems. We have multiple teams working around the clock focused on this and on keeping the people who use Twitter safe and informed," the company added.