- Twitter is still gathering information about a massive hack last week that compromised 130 accounts and stopped the site for hours.
- The hack’s unprecedented scope initially gave rise to theories that it was carried out by a sophisticated nation-state actor, but now it appears that it was carried out by younger and less experienced hackers.
- New details about the extent of the hacking came to light over the weekend, and Twitter revealed that hackers also stole data from eight of the compromised accounts.
- Meanwhile, lawmakers, cybersecurity experts, the FBI, and current Twitter employees are still trying to piece together exactly what happened.
- Visit the Business Insider home page for more stories.
As dust accumulates from one of the biggest hacks in Twitter history last week, investigators inside and outside the company are still trying to understand what happened.
The attack compromised some of the most prominent Twitter accounts last Wednesday, including Barack Obama, Kim Kardashian, Bill Gates and Elon Musk. Compromised accounts repeatedly posted fraudulent messages urging people to send bitcoins to a specific address. After more than two hours of chaos, Twitter stopped the messages by blocking all verified accounts from posting tweets. But the damage to the company’s reputation was already done, and Twitter saw a market value of $ 1.3 billion in pre-market trading the next day.
Twitter revealed new findings about the hack in a blog post released over the weekend. He said hackers accessed 130 accounts in total, adding that the authors downloaded data from eight of those accounts.
“We are embarrassed, disappointed, and most of all, sorry,” the company said in the blog post on Saturday. “We know that we must work to regain their trust, and we will support all efforts to bring those responsible to justice.”
But Twitter has not yet publicly identified who might have been behind the attack. It is now the subject of investigations initiated by the FBI and New York State regulators. Lawmakers in Congress also sent questions to Twitter demanding more information about the nature of the attack.
Unanswered questions to come include how hackers gained access to Twitter accounts, the reasons for hackers, and whether Twitter has patched the vulnerabilities in question. Hackers appear to have stolen more than $ 100,000 through bitcoin sent to the linked wallet in the fraudulent tweets, but cybersecurity experts pointed out that hackers could have taken much more money if they had used compromised accounts in other ways, how to play in the stock market. Experts have also questioned whether another attack could be imminent.
How the hack could have happened
Theories are still hanging around the details of the hack, but some central facts have come into focus in the following days.
On the one hand, it seems clear that hackers took over accounts after gaining access to an internal dashboard for Twitter employees. The tool, whose existence was first reported by Motherboard, apparently allowed hackers to take over accounts by changing their associated email addresses without notifying their owners.
And screenshots obtained by security researchers and shared with Business Insider show people discussing internal tools in hacker forums in the days leading up to the attack. One person posted on the forum claiming that they could change the email address of any Twitter account for prices ranging from $ 250 to $ 3,000.
Twitter said last week that hackers attacked Twitter employees with a “social engineering” scheme to gain access to the internal dashboard, but it’s unclear whether a Twitter employee was aware of the hacker’s plans before. of the attack. Hundreds of Twitter employees have access to the tools in question, former employees told CNN.
Since then, reports have suggested that the people who discussed the hacks on the forums were relatively unsophisticated hackers. The New York Times reported Friday that the hack was carried out by a group of young people, citing interviews with people involved in the hack. Security researcher Brian Krebs traced the identity of one of the forum posts to a 21-year-old British man who may have been involved in the attack.
It is still unclear whether Twitter has properly patched the vulnerability to prevent a similar attack in the future. Twitter said its “next steps” include securing its systems and deploying company-wide training to guard against social engineering schemes, and the company promised transparency as investigations of the attack continue.
“Despite all of this, we also started the long work of restoring trust with people who use and depend on Twitter,” the company said.
Are you a Twitter employee with ideas to share? Contact this reporter at (706) 347-1880 or [email protected], using a device that does not work. Open DMs on Twitter at @aaronpholmes. You can also contact Business Insider securely through SecureDrop.
