
Twitter reveals that hackers also downloaded data from eight compromised accounts

The social media giant Twitter confirmed that hackers compromised 130 accounts in last week's hack and downloaded data from eight of them.

Last week, the social media platform Twitter suffered one of the biggest cyberattacks in its history: hackers breached a number of high-profile accounts, including those of Barack Obama, US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple.

Twitter explained that it was the victim of a “coordinated social engineering attack” against its employees, who gave the attackers access to its internal tools.

All the accounts were compromised simultaneously and threat actors used them to promote a cryptocurrency scam. The attackers posted messages urging the followers of the hacked accounts to send money to a specific bitcoin wallet address to receive back larger sums.

“Everyone is asking me to give back, and now is the time,” reads a message posted from Bill Gates’ Twitter account. “You send $1,000, I send you back $2,000.”

Experts also noticed that the attackers changed the email addresses associated with the accounts to delay the response to the hijack.

Now Twitter has provided an update on the security incident, confirming that the attackers targeted certain Twitter employees through a social engineering scheme.

The hackers targeted 130 accounts and were able to take control of 45 of them, sending out some posts on behalf of the owners, and downloaded data from eight.

“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts.” reads the update provided by Twitter. “For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.”

Below is the information provided by Twitter for the 130 accounts that were targeted by the hackers:

  • Hackers did not view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
  • Hackers only accessed personal information associated with compromised accounts, including email addresses and phone numbers. This data is available to some users of Twitter’s internal support tools.
  • In cases where an account was taken over by the attacker, they may have been able to view additional information.

For up to eight of the Twitter accounts targeted by the hackers, the intruders also downloaded the account’s information through Twitter’s “Your Twitter Data” tool.

“For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool.” continues the update.

“This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.”

Twitter pointed out that its incident response team acted immediately once it discovered the hack, securing and revoking access to internal systems to lock out the attackers. The company decided to share only a few details of its remediation procedure online to protect its effectiveness. Twitter plans to provide more technical details about the remediation procedure in the future.

The social media network is continuing to investigate this incident along with law enforcement.

This week the New York Times published a report revealing that hackers breached an internal Twitter employee Slack messaging channel, where they found credentials for the backend systems of the social network.


Pierluigi Paganini

(SecurityAffairs – hacking, social engineering)
