Twitter scam affected several known names
Twitter on Thursday revealed further details in the massive crypto hack, saying the hackers accessed the DM (direct message) inbox of up to 36 of the 130 targeted users, including one elected official in the Netherlands. The company said it was communicating directly with impacted account owners and will share updates "when we have them".
In total, 130 accounts were targeted by attackers, 45 accounts had Tweets sent by attackers, 36 accounts had the DM inbox accessed and eight accounts had an archive of "Your Twitter Data" downloaded (none of these was verified), informed Twitter.
"To date, we have no indication that any other former or current elected official had their DMs accessed," tweeted Twitter Support.
Twitter was yet to provide country-wise data of those affected. The company tried to allay confusion around how the eight accounts relate to the 36 reported now.
"Eight is the number of accounts where an archive of ‘Your Twitter Data' was downloaded. This includes all of your account activity including DMs. None of the ‘Your Twitter Data' downloads impacted Verified accounts," clarified Twitter.
Thirty-six is the number of accounts where the attacker took control of the account and viewed the DM inbox on https://Twitter.com. "The attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack," said the micro-blogging platform.
However, the attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of the internal support tools.
"In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing," said Twitter.
It last week admitted that the cryptocurrency hack was a "coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools".
The accounts of major public figures including US Democratic presidential candidate Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos, Apple and Uber were simultaneously hacked by attackers to spread a cryptocurrency scam.
