Twitter revealed that hackers targeted just 130 accounts during the cyberattack this week that compromised some of the world’s most recognizable people, though no passwords were stolen.
The U.S. company said the still-unknown perpetrators had gained control of a subset of those accounts and were able to send tweets. Twitter has blocked data downloads from affected accounts as its investigation continues, it said on its online support page.
“We’re working with impacted account owners and will continue to do so over the next several days,” the company said. “We are continuing to assess whether nonpublic data related to these accounts was compromised, and will provide updates if we determine that occurred.”
Details are trickling out about the hack that affected global political and business leaders, including Democratic presidential candidate Joe Biden, former President Barack Obama and Tesla Chief Executive Officer Elon Musk. Those who gained access to the accounts used them to attempt a bitcoin scam, sending tweets asking for people to give them money in exchange for a bigger payment in return.
Twitter is grappling with the worst security breach in its 14-year history. It’s said the hack was part of a “coordinated social engineering attack” that targeted its own employees. That granted hackers access to some of the company’s internal systems, and then high-profile user accounts, it said. That forced Twitter to temporarily halt verified accounts from sending any tweets.
Twitter is still probing how the attack was carried out and has not disclosed if any other information from the accounts — such as data like private messages — was compromised. The company’s explanation so far has ignited speculation over the identity of the perpetrators and what they were actually targeting in the attack. The scale of the endeavor and its timing — months before the November U.S. elections — have prompted some cybersecurity experts to theorize that the attack masked a more nefarious campaign to seize sensitive data.
Some people who changed their passwords in the past 30 days may still be blocked from accessing their accounts, the company said earlier, but that doesn’t mean those accounts were compromised.
“We have no evidence that attackers accessed passwords,” Twitter said in an update Thursday. “Currently, we don’t believe resetting your password is necessary.”
It will take “significant steps to limit access to internal systems and tools while our investigation is ongoing.”
U.S. politicians quickly called on Twitter to share more information.
“The ability of bad actors to take over prominent accounts, even fleetingly, signals a worrisome vulnerability in this media environment,” said Sen. Mark Warner, D-Va., vice chairman of the Intelligence Committee, and one of the tech industry’s most vocal critics. The Federal Bureau of Investigation is also investigating the hack.
(c) 2020, Bloomberg · Kurt Wagner