Twitter said Friday night that the hackers who hijacked the accounts of high-profile users this week, including former U.S. President Barack Obama and Microsoft founder Bill Gates, to tweet a bitcoin scam also downloaded account data from up to eight accounts.
The company did not identify who owned those eight accounts, but said none of them was verified. Obama, Gates and other prominent users whose accounts were compromised, such as Tesla CEO Elon Musk and rapper Kanye West, all have verified accounts. The data export a user can download from Twitter includes direct messages, photos, videos, the user's address book and other information, so whoever pulled that archive for an account would hold all of it.
“In cases where the attacker took over an account, they may have been able to see additional information,” Twitter said in a blog post on Friday night. “Our forensic investigation of these activities is still ongoing.”
Politicians and cybersecurity experts have raised concerns in the wake of the widespread hack that direct messages belonging to some of the world's most powerful people may have been read during Wednesday's attack. If those messages contain confidential information, the hackers could use it for blackmail or extortion. Twitter direct messages are not end-to-end encrypted; if they were, neither Twitter employees nor anyone using an employee's credentials on Twitter's internal systems would be able to read their contents.
On Thursday, Twitter said it believes the hackers targeted the accounts of 130 users. On Friday it added that for 45 of those accounts the attackers were able to reset the password, log in and send tweets. The attackers may also have tried to sell some of the usernames.
The company said it believes the attackers were unable to see any user's previous passwords. They were, however, able to see personal information, including email addresses and phone numbers, Twitter said.
Twitter declined a request for a complete list of the targeted accounts, citing its ongoing investigation, in which it "continues to assess whether non-public data related to these accounts was compromised."
Although Twitter has dealt with cryptocurrency scams before, the scale of Wednesday's attack is unusual and highlights how much is exposed if the platform's internal systems are reached. Twitter said it believes the attackers got past account-level protections such as two-factor authentication after they "successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems." In other words, once the attackers were operating through Twitter's own tools with employee access, a protection configured on the individual account did not stop them. The company did not say whether the employees were tricked into handing over those credentials or were bribed.
On Wednesday, the accounts of dozens of internationally famous figures from technology, politics and entertainment posted similar tweets asking for donations in bitcoin. The corporate accounts of Apple, Uber and other companies were also swept up as the hack spread, which Twitter later attributed to a social engineering attack on its employees.
“Everyone is asking us to return the money, and now is the time,” said a now-deleted tweet from Gates, pledging to double all payments to a Bitcoin address over the next 30 minutes.
“I feel generous for Covid-19,” said Musk’s tweet. “I will duplicate any BTC payments sent to my BTC address within the next hour. Good luck and stay safe out there!” All of the scam tweets were subsequently removed, and verified accounts, those with a blue check, were temporarily blocked from tweeting while Twitter contained the incident.
The FBI has also opened an investigation into the incident, alongside Twitter's own.