Twitter said on Friday evening that hackers who hijacked high-level user accounts, including from former United Statesand Microsoft founder Bill Gates, to tweet about a bitcoin scam this week, also uploaded data for up to eight accounts.
The company did not identify the owner of the accounts, but said they had not been verified. Obama, Gates and other prominent users such as Tesla CEO Elon Musk and rapper Kanye West whose compromised accounts have verified Twitter accounts. When a user downloads their Twitter data, it includes direct messages, photos, videos, their address book and other information.
“In cases where an account has been taken over by the attacker, they may have been able to see additional information,” Twitter said in a blog post Friday night. “Our forensic investigation into these activities is still ongoing. ”
Politicians and cybersecurity experts have expressed concern over widespread hacking that direct messages from some of the world’s most powerful people could have been accessed during the attack on Wednesday. If there is sensitive information in these messages, hackers could use it for blackmail or ransomware. Twitter direct messages are not encrypted end-to-end, which would have prevented employees from reading private messages.
On Thursday, Twitter said the company believed the hackers had targeted the Twitter accounts of 130 users. Twitter said on Friday that hackers were able to reset passwords for 45 accounts, giving them the ability to sign in to accounts and tweet. The attackers may also have tried to sell some of the usernames.
The company said it believed attackers were unable to see a user’s previous passwords. They were able to view personal information, including email addresses and phone numbers, Twitter said.
Twitter has denied a request for a full list of targeted accounts in light of its ongoing investigation, in which it “continues to assess whether the non-public data relating to these accounts has been compromised”.
Although Twitter has faced the problem of cryptocurrency scams in the past, the size of Wednesday’s attack is unusual, highlighting potential security holes in the popular social media platform. Twitter said it believed the attackers could have bypassed account security protections such as two-factor authentication after “successfully manipulating a small number of employees and using their credentials to gain access to Twitter’s internal systems ”. The company did not say whether employees were tricked into handing over those credentials or whether they were bribed.
On Wednesday, the accounts of dozens of internationally renowned figures covering technology, politics and entertainment posted similar tweets soliciting donations through Bitcoin. Apple, Uber and other companies were also caught in the sprawling hack, which Twitter later attributed to a social engineering attack on its employees.
“Everyone is asking us to surrender, and now is the time,” said a now deleted tweet from Gates, pledging to double all payments to a Bitcoin address for the next 30 minutes.
“I feel generous because of Covid-19,” said Musk’s tweet. “I will double any BTC payment sent to my BTC address during the next hour. Good luck and stay safe there! All tweets were then deleted and verified Twitter accounts, those with a blue check mark, were temporarily silenced.
In addition to Twitter, the FBI also announced the launch of an investigation into the hacking incident.