Twitter says hackers downloaded data from private accounts

Image copyright
Reuters / AFP

Twitter has confirmed that hackers used tools that were only supposed to be available to their own staff to carry out Wednesday’s hacking attack.

The rape saw the accounts of Barack Obama, Elon Musk, Kanye West, and Bill Gates, among other celebrities used to tweet a Bitcoin scam.

Twitter also revealed that the perpetrators had downloaded data from up to eight of the accounts involved.

He declined to reveal their identities but said that none of them was “verified”.

This means that they did not have a blue mark to confirm their ownership and were therefore not among the most high-profile hacked accounts.

However, the fact that attackers were able to make use of the Your Twitter Data download tool means that they now potentially have access to affected users:

• direct private messages, including photos and videos
• contacts, which the Twitter application would have imported from the address books of their smartphones
• history of physical location, recorded when they had used the service
• details about the accounts that had been muted and blocked
• interest and demographic information that Twitter inferred about them through the use of its platform

In a later development, the New York Times suggested that the social network was exposed after hackers gained access to credentials that had been shared on Twitter’s internal Slack messaging channel, a service that some companies use as an alternative to email.

The newspaper also suggests that at least two of those involved are from England.

In total, Twitter said 130 accounts had been targeted, of which hackers had managed to reset 45 passwords, giving them control.

He added that he believed those responsible could have tried to sell some of the stolen username.

“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems,” it said in a statement.

“We continue our investigation of this incident, working with the police and determining long-term actions that we must take to improve the security of our systems.”

He added: “We are ashamed, disappointed, and, most of all, sorry.”

How did the attack develop?

Twitter said the attackers had targeted certain Twitter employees through a “social engineering scheme.”

“In this context, social engineering is the intentional manipulation of people to perform certain actions and disclose confidential information,” he said.

A small number of personnel had been successfully manipulated, he said.

Once inside Twitter’s internal systems, hackers were unable to see users’ past passwords, but were able to access personal information, including email addresses and phone numbers, as these are visible to staff. using internal support tools.

They may also have been able to view additional information, the company said. It has been speculated that this could include direct messages.

Private messages from Kanye West, Kim Kardashian West or Elon Musk could be worth money on dark web forums. Selling the private messages from presidential candidate Joe Biden or former New York Mayor Michael Bloomberg could also have political consequences.

It is unclear why hackers did not download all the data from these celebrity accounts, but instead did it for others.

Twitter is “actively working to communicate directly” with affected users, according to its statement. It also continues to restore access for other users who are still locked out of their accounts as a result of the company’s initial response to the attack.

What happened during the hack?

On July 15, various Bitcoin-related accounts began tweeting what appeared to be a simple Bitcoin scam, promising to “give back” to the community by duplicating any Bitcoin sent to their address.

Then the apparent scam spread to high-profile accounts like Kim Kardashian West and Joe Biden, and those of the Apple and Uber corporations.

Twitter hastened to contain the unprecedented attack, temporarily preventing all verified users, those with a blue tick in their accounts, from tweeting.

However, the President of the United States, Donald Trump, one of the most prominent Twitter users, was not affected.

It was speculated for some time that President Trump has additional protections after an employee deactivated his account on his last day of work in 2017.

The New York Times confirmed that this was how the Trump account escaped the attack, citing an unnamed White House official and a separate Twitter employee.

Despite the scam being obvious to some, the attackers received hundreds of transfers, worth more than $ 100,000 (£ 80,000).

What do we know about attackers?

Bitcoin is extremely difficult to track and the three separate cryptocurrency wallets that cybercriminals used have already been emptied.

Digital money is likely to break into smaller amounts and run through so-called “mixer” or “glass” services to make it even harder to track attackers.

Media playback is not supported on your device

Clues to those responsible have emerged through bragging on social media, including Twitter itself.

Earlier this week, researchers at cybercrime intelligence firm Hudson Rock saw an ad on a hacker forum claiming to be able to steal any Twitter account by changing the email address to which it is linked.

The seller also posted a screenshot of the panel generally reserved for high-level Twitter employees. It seemed to allow full control of adding an email to an account or “separating” existing ones.

This means that the attackers had access to the Twitter back-end at least 36-48 hours before the Bitcoin scams started to appear on Wednesday night.

Investigators have also linked at least one Twitter account to the hack, which has now been suspended.

• Learn more about the Twitter hack in the latest Tech Tent podcast on BBC Sounds