Twitter issues its first blog post about the biggest security lapse in the company’s history. Joe Biden, President Barack Obama, Tesla CEO Elon Musk, and Microsoft co-founder Bill Gates were among those whose accounts were attacked. The attack was the largest security lapse in Twitter’s history.
Twitter has now revealed that the attackers may have downloaded the private direct messages of up to 8 individuals while conducting their bitcoin scam. They were able to see ‘personal information’ including phone numbers and email addresses for every account they targeted.
Twitter has confirmed that attackers attempted to download the ‘your Twitter data’ archive for those 8 individuals, which contains DMs among other info.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our ‘your Twitter data’ tool. We are reaching out directly to any account owner where we know this to be true.
Twitter stores DMs on its servers as long as either party to a conversation keeps them around. You can download the ‘your Twitter data’ archive, even if you’ve deleted them yourself.
Twitter claims none of the 8 accounts were verified users. The Democratic presidential candidate and others probably didn’t just get their DMs stolen.
There is a lot of speculation about the identity of these 8 accounts. None of the eight were verified accounts. We will only disclose this to the impacted accounts.
According to Twitter, hackers targeted 130 accounts and successfully triggered a password reset, logged in, and tweeted from 45 of them. We do not know how many accounts they may have scanned for personal information or how many DMs they might have simply accessed or read.
Twitter also allows logged-in users to see a location history of the places and times that they’ve logged in. For the larger batch of 130 accounts, Twitter says they may have been able to see other sorts of personal information.
Twitter previously confirmed that its own internal employee tools were used to facilitate the account takeovers. Now, the company is going further to say that the attackers ‘successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems’.
The NYT’s report says that aligns with the prevailing theories. The new report is based on the latest research of the NYT.