Twitter reveals hackers accessed private Direct Message inboxes of 36 accounts in last week’s high-profile cyber attack
- Twitter revealed that during the high-profile hack some accounts had DMs read
- These people remain anonymous but a Dutch politician is known to be affected
- Twitter previously said the attackers tweeted from 45 accounts and downloaded mass data from eight accounts
The scale of Twitter’s vast cyber attack last week is now coming to light as the social media firm announces 36 accounts had their Direct Message (DM) inbox accessed.
Twitter previously said the attackers tweeted from around 130 accounts and downloaded mass data from eight accounts.
Accessing direct messages sits between those two events in terms of severity.
Twitter kept the names of the affected accounts anonymous but did reveal an unnamed elected official in the Netherlands was among those who had their personal messages accessed by hackers.
Scroll down for video
Twitter says 130 accounts were targeted in the mass hack that occurred last week and a smaller amount had their private messages (DMs) breached as well
During the hack, Twitter suspected up to 130 accounts were breached. Hackers also downloaded mass data from eight accounts
The company previously confirmed that the attackers had successfully targeted Twitter employees with access to internal systems to get into the company’s system.
Now, the social media giant has said the hackers were not able to view previous account passwords but were able to see other personal information.
This includes email addresses and phone numbers, because these pieces of information are visible to some employees working on support tools.
Twitter said last week that hackers ‘manipulated’ some of its employees to access accounts.
More than $100,000 worth of the virtual currency was sent to email addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions.
‘We know that they accessed tools only available to our internal support teams to target 130 Twitter accounts,’ said a statement posted on Twitter’s blog.
For 45 of those accounts, the hackers were able to reset passwords, login and send tweets, it added, while the personal data of up to eight unverified users was downloaded.
Twitter locked down affected accounts and removed the fraudulent tweets. It also shut off accounts not affected by the hack as a precaution.
Twitter also said that ‘in cases where an account was taken over by the attacker, they may have been able to view additional information’.
It did not elaborate on this because its investigation into the incident is continuing, it claims.
The cyber attack last week saw former US president Barack Obama, Microsoft founder Bill Gates and rapper Kanye West among the high-profile accounts affected.
Accounts of Elon Musk, Joe Biden, Jeff Bezos, Kim Kardashian West, Mike Bloomberg, Apple and Uber are also known to have been hit.
Tweets were simultaneously posted promoting a Bitcoin scam which promised followers free bitcoin if they transferred funds to a specific digital wallet.
Online privacy experts and advocates have called into question Twitter’s security measures following the hack.
Immediately following the attack, the alarm was sounded that cyber security experts warned that personal information seen during the breach could be leaked in future.
Twitter has also come under scrutiny for the security around its internal systems and the employees who have access to data-sensitive areas of the site.
James McQuiggan, security awareness advocate at cyber security firm KnowBe4, said that, while the attack itself was alarming, cyber criminals gaining access to Twitter’s internal and administrative tools and the high-profile accounts it oversees is ‘a much larger concerning notion’.
Source: Read Full Article