Read Twitter’s update on the huge hack — 8 accounts may have had private messages stolen
On Friday evening, Twitter issued its first full blog post about what happened after the biggest security lapse in the company’s history, one that led to attackers getting hold of some of the highest profile Twitter accounts in the world — including Democratic presidential candidate Joe Biden, President Barack Obama, Tesla CEO Elon Musk, Microsoft co-founder Bill Gates, Kanye West, Michael Bloomberg, and more.
The bad news: Twitter has now revealed that the attackers may indeed have downloaded the private direct messages (DMs) of up to 8 individuals while conducting their Bitcoin scam, and were able to see “personal information” including phone numbers and email addresses for every account they targeted.
That’s because Twitter has confirmed that attackers attempted to download the entire “Your Twitter Data” archive for those 8 individuals, which contains DMs among other info.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true.
— Twitter Support (@TwitterSupport) July 18, 2020
They may even have DMs that the 8 individuals deleted, given that Twitter stores DMs on its servers as long as either party to a conversation keeps them around — we learned last February that you can retrieve deleted DMs by downloading the “Your Twitter Data” archive, even if you’ve deleted them yourself. The archive can also include other personal information like your address book and any images and videos you may have attached to those private messages as well.
The good news: none of those 8 accounts were verified users, meaning that none of the high-profile individuals targeted had their data downloaded. It’s still possible that the hackers looked at their DMs, but no, Democratic presidential candidate Joe Biden and others probably didn’t just get their DMs stolen outright.
There is a lot of speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts.
— Twitter Support (@TwitterSupport) July 18, 2020
According to Twitter, hackers targeted 130 accounts; successfully triggered a password reset, logged in, and tweeted from 45 of them; and only attempted to download data for those “up to eight” non-verified accounts. We do not know how many accounts they may have scanned for personal information or how many DMs they might have simply accessed or read.
And for the larger batch of 130 accounts — including high-profile ones like the Democratic presidential candidate — Twitter says they may have been able to see other sorts of personal information. As an example, Twitter also allows logged-in users to see a location history of the places and times that they’ve logged in.
Twitter previously confirmed that its own internal employee tools were used to facilitate the account takeovers, and suspected that its employees had fallen for a social engineering scam — now, the company is going further to say definitively that the attackers “successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.”
That aligns with the prevailing theories, which you can read more about in the NYT’s impressive report here.
There are many, many more questions and serious investigations still ahead.
You can read Twitter’s full blog post here.