October 24, 2020
Twitter says attackers accessed inbox of 36 accounts in widespread hack

Twitter says attackers accessed inbox of 36 accounts in widespread hack


twitter-9998

James Martin/CNET

A week after hackers hijacked the Twitter accounts of high-profile users including former US President Barack Obama and Microsoft founder Bill Gates, the social media company revealed Wednesday that attackers managed to gain access to the direct messages of 36 of those accounts.

The social media company also said the Twitter inbox of one elected official in the Netherlands had been accessed, but that there was “no indication that any other former or current elected official had their DMs accessed.” It’s unclear whether the attackers were able to compose and send messages to other users, in addition to being able to view direct messages. 

The Twitter accounts of 130 users were targeted as part of a bitcoin scam last Wednesday, when hackers posted tweets soliciting donations via bitcoin after taking control of those accounts. The accounts targeted included dozens of internationally famous figures spanning politics, tech and entertainment. 

Although Twitter has run into problems with cryptocurrency scams in the past, the scale of this hack appears unprecedented, drawing international scrutiny to the security vulnerabilities of one of the world’s most popular social media platforms. Twitter declined a request for a full list of the targeted accounts, citing its ongoing investigation. 

screenshot-2020-07-23-at-1-15-22-pm.png

Twitter CEO Jack Dorsey tweeted this thread in the aftermath of July’s sprawling hack.


Screenshot by Sareena Dayaram/CNET

“Everyone is asking me to give back, and now is the time,” read a tweet from Gates’ account, which promised to double all payments to a Bitcoin address for the next 30 minutes.

A tweet from Tesla CEO, Elon Musk said, “I’m feeling generous because of Covid-19,” Musk’s tweet said. “I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” 

All tweets were subsequently deleted and verified Twitter accounts, those with a blue checkmark, were temporarily silenced as part of the company’s initial responses to the hack. Still, the brazen hack along with Twitter’s response have sparked fresh concerns from cybersecurity experts that social media platforms, which have become an increasingly important source of news and information, are unable to keep their operations secure.

On Friday, Twitter disclosed that 45 accounts had tweets sent out by attackers and eight non verified accounts had data downloaded from them. Obama, Gates, Musk and other VIP users such as Amazon founder Jeff Bezos and rapper Kanye West, who had their accounts compromised, all have verified Twitter accounts. When users download their Twitter data, it includes photos, videos, an address book and other information — and even direct messages, which means hackers have been privy to a total 44 Twitter inboxes.

Twitter believes that the attackers were able to circumvent security protections after they “successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems.” The company did not disclose if the employees were tricked into handing over these credentials or were bribed.





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *