Twitter says hackers accessed direct messages from 36 accounts

Twitter says hackers accessed direct messages (DM) from 36 accounts, including one for an elected official in the Netherlands.

These hackers were the same ones who breached Twitter's system and took over the accounts of around 130 people last week in a bitcoin scam, according to the company.

The hackers accessed the DM inboxes of 36 accounts, including one belonging to an elected official in the Netherlands. Like phone text messages, direct messages are considered private.

According to Twitter, the hackers do not appear to have looked at the DMs of any elected official other than the Dutch politician.

Twitter previously said that, for certain accounts, the attackers downloaded a full archive of the account's data using the "Your Twitter Data" export tool.

According to Twitter, it is still trying to determine whether non-public data, which could include direct messages, was stolen from any of the 130 accounts the hackers targeted to promote the Bitcoin scam.

The company said: “We’re working with impacted account-owners and will continue to do so over the next several days. We are continuing to assess whether non-public data related to these accounts was compromised.”

An investigation is currently being undertaken by the Federal Bureau of Investigation (FBI).

Attack on verified Twitter accounts

Twitter said several prominent US accounts were compromised to promote a cryptocurrency scam after hackers targeted some of its employees who had access to the company's internal tools.

Twitter’s support team said: “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

The hackers did not have to defeat the security of the individual accounts they took over: by gaining access to Twitter's own internal administration tools, they could act on those accounts from the inside.

In a series of tweets, the company said: “We know they [the hackers] used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”

The affected accounts include those of former President Barack Obama, Kanye West, Kim Kardashian West, Warren Buffett, Jeff Bezos and Mike Bloomberg. The compromised accounts posted near-identical tweets soliciting Bitcoin payments from their followers.

"Misguided"

Researchers at cyber-crime intelligence firm Hudson Rock found an advertisement on a hacker forum claiming to be able to steal any Twitter account by changing the email address to which it is linked.

A screenshot of the panel, normally reserved for high-level Twitter employees, was posted alongside the advertisement; it appeared to give full control of an account by adding a new email address to it or "detaching" the existing ones.

This suggests that, at least 36 to 48 hours before the attack, the hackers already had access to the internal administration tools.
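The takeover path described above (re-point an account's email through the internal panel, then reset its password) leaves a distinctive trail in the support tool's own audit log. The following is an added example of detection logic over such a log; it is not part of the article and not Twitter's tooling or code. The log schema, the action names (`detach_email`, `add_email`, `reset_password`, `disable_2fa`), the operator and account names, the sample lines and the thresholds are all constructed assumptions for illustration.

```python
"""Added example: detection logic for internal-tool account takeover.

Everything here is constructed for illustration. The audit-log schema,
action names, operator and account names, and sample lines are
hypothetical and do not describe Twitter's real tooling or data.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# (time, operator, action, target account, target is a verified account)
Event = Tuple[datetime, str, str, str, bool]

# Hypothetical support-tool actions. Re-pointing the linked email and then
# resetting the password hands the account to whoever controls the new
# address, without ever challenging the real owner's credentials.
EMAIL_CHANGE_ACTIONS = {"add_email", "detach_email"}
UNLOCK_ACTIONS = {"reset_password", "disable_2fa"}
TAKEOVER_ACTIONS = EMAIL_CHANGE_ACTIONS | UNLOCK_ACTIONS

# Constructed sample audit lines: "<timestamp> <operator> <action> <target> <verified>"
SAMPLE_LOG = """\
2020-07-15T20:01:10Z opA detach_email @acct1 true
2020-07-15T20:01:25Z opA add_email @acct1 true
2020-07-15T20:01:40Z opA reset_password @acct1 true
2020-07-15T20:03:05Z opA detach_email @acct2 true
2020-07-15T20:03:20Z opA add_email @acct2 true
2020-07-15T20:05:02Z opA detach_email @acct3 true
2020-07-15T20:05:30Z opA add_email @acct3 true
2020-07-15T20:06:00Z opA reset_password @acct3 true
2020-07-15T20:10:00Z opB view_profile @acct9 false
2020-07-15T20:12:00Z opB add_email @acct10 false
2020-07-15T22:40:00Z opC detach_email @acct11 true
"""


def parse_audit_log(text: str) -> List[Event]:
    """Parse the constructed whitespace-separated format into time-sorted events."""
    events: List[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, operator, action, target, verified = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       operator, action, target, verified == "true"))
    events.sort(key=lambda e: e[0])
    return events


def find_takeover_bursts(events: List[Event],
                         window: timedelta = timedelta(minutes=10),
                         threshold: int = 3) -> Dict[str, List[str]]:
    """Flag operators who apply takeover-capable actions to at least
    `threshold` distinct verified accounts inside one sliding window.
    A support agent working tickets rarely does this; a stolen session does."""
    per_operator: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, operator, action, target, verified in events:
        if verified and action in TAKEOVER_ACTIONS:
            per_operator[operator].append((ts, target))

    alerts: Dict[str, Set[str]] = {}
    for operator, hits in per_operator.items():
        start = 0
        for end in range(len(hits)):
            # Advance the window start until the span fits inside `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            accounts = {target for _, target in hits[start:end + 1]}
            if len(accounts) >= threshold:
                alerts.setdefault(operator, set()).update(accounts)
    return {op: sorted(accts) for op, accts in alerts.items()}


def find_takeover_chains(events: List[Event],
                         window: timedelta = timedelta(minutes=15)) -> List[str]:
    """Flag target accounts where an email change is followed within `window`
    by a password reset or 2FA removal: the complete takeover sequence."""
    email_changes: Dict[str, List[datetime]] = defaultdict(list)
    flagged: Set[str] = set()
    for ts, _operator, action, target, _verified in events:
        if action in EMAIL_CHANGE_ACTIONS:
            email_changes[target].append(ts)
        elif action in UNLOCK_ACTIONS:
            if any(timedelta(0) <= ts - prev <= window for prev in email_changes[target]):
                flagged.add(target)
    return sorted(flagged)


if __name__ == "__main__":
    evts = parse_audit_log(SAMPLE_LOG)
    print("burst alerts:", find_takeover_bursts(evts))
    print("takeover chains:", find_takeover_chains(evts))
```

The two detectors are deliberately independent: the burst rule catches an operator identity being used against many high-value accounts at once (the pattern a stolen employee session produces), while the chain rule catches a single account being fully taken over even when the operator touches nothing else. On the constructed sample, `opA` trips the burst rule across three verified accounts, and two of those accounts also show the full email-change-then-reset chain; `opB` is ignored because the accounts are not verified, and `opC` touches only one account.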

Roi Carthy, chief executive officer (CEO) of Hudson Rock said: “Bitcoin scam is a misguided way to frame this incident.”

“If anything, the ‘scam’ part supports the conclusion that the group behind the attack was, to Twitter’s luck, unsophisticated. The incident can either be characterised as an account take-over campaign for sale on the Darkweb, or a data breach to get a hold of Direct Messages for malicious purposes,” Carthy argued.