The high-profile hijacking of Twitter accounts carried out earlier this week was accomplished by targeting certain Twitter employees through a social engineering scheme, the social networking giant said in a statement on Saturday. It added that the hackers manipulated a small number of employees and used their credentials to access Twitter’s internal systems, getting through two-factor protections. Twitter said the hackers seem to have targeted some 130 accounts and were able to log in, send tweets and reset the password on some of them.
“As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send tweets,” it stated.
“For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our ‘Your Twitter Data’ tool. We are reaching out directly to any account owner where we know this to be true,” a post tweeted by Twitter Support read.
As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.
— Twitter Support (@TwitterSupport) July 18, 2020
The company added that there is a lot of speculation about the identity of these 8 accounts and said it will “only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts”.
The New York Times, in a report, stated that the hackers were young pals with no links to state or organized crime, news agency AFP reported. The attack started with a playful message between hackers on the platform Discord, a chat service popular with gamers, according to the Times.
The massive hack involved high-profile users from Elon Musk to Joe Biden. Posts trying to dupe people into sending hackers the virtual currency bitcoin were tweeted by the official accounts of Apple, Uber, Kanye West, Bill Gates, Barack Obama and many others on Wednesday.
Fraudulent posts, which were largely deleted, said people had 30 minutes to send $1,000 in cryptocurrency bitcoin, promising they would receive twice as much in return.
More than $100,000 worth of bitcoin was sent to email addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions.
(With inputs from AFP)