Twitter has released new details about the hack heard around the world this week, apparently a massive scam aimed at getting users to send bitcoin to a random cryptocurrency wallet. It was carried out by targeting some of the most high-profile accounts on the social network, such as those belonging to Elon Musk, Jeff Bezos, Kanye West, Joe Biden and Barack Obama. Twitter revealed that, in addition to asking for bitcoin, the attackers also managed to download account information, which includes direct messages, for up to eight of the 130 selected accounts.
This does not mean that we will suddenly see direct messages from Musk, or from any of the other high-profile account holders, appearing online as a result of this hack. Theirs are verified accounts, which were not among the eight identified by the company.
“For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account information through our ‘Your Twitter data’ tool,” Twitter said in a blog post published Friday night. “This is a tool that is intended to provide an account owner with a summary of the details and activity of their Twitter account. We are communicating directly with any account owner where we know this to be true. None of the eight were verified accounts.”
The company also revealed that for 45 of the 130 targeted accounts, the attackers were able to initiate a password reset, sign in to the account and send tweets. Twitter believes that the attackers may also have tried to sell some of the usernames.
According to the page dedicated to “Your Twitter data,” the tool offers users a “snapshot” of their Twitter information. This includes “your profile information, your Tweets, your Direct Messages, your Moments, your media (images, videos and GIFs that you have attached to Tweets, Direct Messages or Moments), a list of your followers, a list of accounts that you are following, your address book, lists you’ve created, are members of, or are following, demographic and interest information we’ve inferred about you, information about ads you’ve seen or interacted with on Twitter, and more.”
Yes, despite that long list of detailed and private information, let’s not forget the “and more.”
On its blog, Twitter worked to reassure the rest of its user base, which is rightly concerned about the implications of the attack now and in the future. The company said it believed that the hackers did not see the private information of “the vast majority of people.”
However, for the 130 selected accounts, Twitter said that while attackers couldn’t see previous account passwords, they could see personal information, including email accounts and phone numbers. In addition, in cases where hackers seized an account, Twitter said “they may have been able to see additional information.” It did not specify what that information could be and said its forensic investigation of the matter was ongoing.
In addition to providing new details about the data accessed, Twitter reviewed the actions it had taken so far to address the incident. Behind the scenes, the company stated that it had moved quickly to lock and regain control of hacked accounts, as well as to secure and revoke access to internal systems to prevent hackers from further entering its systems or individual accounts.
Other actions included blocking many users, even some verified users (the people with the blue check mark), from tweeting or changing their passwords, and locking accounts where a password was recently changed. Twitter said it was working on restoring access for all users who had been locked out of their accounts this weekend and next week.
However, the company said it would limit the details it shared about its actions to address the incident at this time.
“We are deliberately limiting the details we share in our remediation steps at this time to protect their effectiveness and will provide more technical details, when possible, in the future,” Twitter wrote.
As for how the hack happened, Twitter said it believed the hackers targeted its employees using social engineering, or manipulating employees into taking certain actions and revealing confidential information.
The New York Times reports that it spoke to four people who participated in the Twitter hack. Based on the interviews, the Times concludes that the attack was not carried out by Russia or a sophisticated group of hackers, but rather by a group of young people. Apparently one of them is a 19-year-old who lives at home with his mother in southern England, while another is in his 20s and lives on the West Coast.
The hack, which generated around $120,000 worth of donations to the wallet address that was tweeted from the targeted accounts, has understandably set off alarms. The FBI and the New York State Department of Financial Services are investigating the attack, according to the Wall Street Journal.
As the Journal noted, an attack like this is especially alarming given the importance of Twitter as a platform for political discussion months before the United States presidential election. Kara Swisher and Scott Galloway, co-hosts of the Pivot podcast, also highlighted the danger of President Donald Trump’s favorite social media platform, which is his primary way of communicating with the world, being hacked. A hacker could, for example, take over Trump’s account and lie about launching an attack on a city.
Interestingly, though perhaps I should say “thank goodness,” the Trump account was not one of those hacked this week.
Twitter knows that this is obviously not a good thing. The company says it is embarrassed and sorry.
“We are very aware of our responsibilities to the people who use our service and to society in general,” said Twitter. “We are ashamed, disappointed, and most of all, we are sorry. We know that we must work to regain their trust, and we will support all efforts to bring those responsible to justice.”