On Thursday, high-profile Twitter accounts including those of former President Barack Obama, Democratic presidential front-runner Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk were hacked and the attackers posted tweets soliciting donations via Bitcoin.
"Feeling grateful doubling all payments sent to my BTC address! You send $1,000, I send back $2,000! Only doing this for the next 30 minutes," read Elon Musk now-deleted tweet.
After an initial investigation, Twitter said that they detected a coordinated social engineering attack by people who successfully targeted some of their employees with access to internal systems and tools. This access was used to take control of many highly-visible accounts and tweet on their behalf.
Twitter CEO Jack Dorsey said that it was a tough day for them and felt terrible that this happened.
Now, the company has revealed that the attackers targeted 130 Twitter accounts and were able to initiate a password reset, login to the account, and tweet from 45 of them.
"The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames," the company said.
However, the company said that the attackers were not able to view previous account passwords of the 130 accounts. Meanwhile, the attackers were also able to view personal information including email addresses and phone numbers.
"We are continuing our investigation of this incident, working with law enforcement, and determining longer-term actions we should take to improve the security of our systems. We have multiple teams working around the clock focused on this and on keeping the people who use Twitter safe and informed," the company added.
