Twitter says hackers downloaded data from eight users in Wednesday’s hack


twitter.jpg

Twitter has provided another update in its investigation into its security incident on Wednesday when a group of hackers broke its backend and tweeted a cryptocurrency scam on behalf of high-profile, verified accounts.

The incident became notable because hackers compromised the accounts of public figures such as Barrack Obama, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber, Kanye West, Kim Kardashian, Michael Bloomberg, and many others.

In light of the highly publicized incident and with all eyes on the world in its response, Twitter has been providing updates daily since the attack, as security teams review logs for what happened and who was behind the intrusion.

These updates have now become quite bulky and complicated, and as a result we will list them below and continue to update this article as Twitter releases new evidence.

  • The incident took place on Wednesday July 15, 2020.
  • Twitter said hackers used social engineering to gain access to the accounts of Twitter employees.
  • A New York Times report that has yet to be confirmed by Twitter said hackers violated employees’ Slack accounts and found credentials for the Twitter backend on a Slack channel.
  • Twitter said hackers “breached” its two-factor protections, but did not specify whether it was referring to back-end accounts or Slack accounts.
  • Once the hackers accessed the Twitter backend, they used Twitter’s own internal support tools to interact with the accounts.
  • Hackers interacted with 130 accounts, according to Twitter.
  • For 45 accounts, hackers initiated a password reset, logged into the account, and sent new tweets to promote their cryptocurrency scam.
gateshack.png
  • Twitter said it believes hackers also tried to sell access to some hijacked Twitter accounts, due to coveted usernames.
  • For eight accounts, hackers downloaded account data through the “Your Twitter Data” feature.
  • Twitter did not say whether the downloaded data also included private messages, or whether its support tool has the ability to view DMs.
  • None of these eight accounts were verified.
  • Twitter is now reaching all eight account owners.
  • Once the hack came to light on Wednesday, Twitter said it blocked all verified accounts from tweeting while investigating.
  • Then it also prevented some users from resetting their password for hackers to take over new accounts.
  • These limitations lasted a few hours and the functionality was finally returned.
  • Twitter said it had no reason to believe that hackers had access to clear text passwords and that they will not reset users’ passwords in the future.
  • However, the attackers did see information such as email addresses and phone numbers for the targeted accounts.
  • A police investigation is already underway.

Updates will follow as Twitter learns more and shares with the public.