Twitter revealed that hackers accessed DM Inboxes in July attack

Twitter confirmed that hackers accessed the direct message (DM) inboxes of some of the accounts that were recently compromised.

Last week, the social media giant Twitter revealed that hackers compromised 130 accounts in the attack that took place on July 15 and downloaded data from eight of them.

Attackers breached a number of high-profile accounts, including those of Barak Obama, US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple.

Twitter explained is was victim of a”coordinated social engineering attack” against its employees who gave attackers the access to its internal tools.

All the accounts were compromised simultaneously and threat actors used them to promote a cryptocurrency scam. The attackers posted messages urging the followers of the hacked accounts to send money to a specific bitcoin wallet address to receive back larger sums.

The hackers were able to take control of 45 of them sending out some posts on behalf of the owners, and downloaded data from eight.

With this fraudulent scheme, threat actors obtained nearly $120,000 worth of bitcoins (approximately 12.86 bitcoins were amassed by attackers in their wallet) from the unaware followers of the hacked accounts.

Cryptocurrency exchange Coinbase announced to have blocked more than 1,100 of its customers from sending approximately $280,000 worth of Bitcoin to the wallet used by the attackers in this hack

Now Twitter added that the hackers accessed the DM inboxes of 36 of the targeted accounts.

“We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed. [Added on July 22, 2020]” reads the update provided by Twitter.

According to the popular investigator Brian Krebs, the attack was perpetrated by individuals specialized in hijacking social media accounts via “SIM swapping.”

“People within the SIM swapping community are obsessed with hijacking so-called “OG” social media accounts. Short for “original gangster,” OG accounts typically are those with short profile names (such as @B or @joe). Possession of these OG accounts confers a measure of status and perceived influence and wealth in SIM swapping circles, as such accounts can often fetch thousands of dollars when resold in the underground.” wrote Krebs.

“In the days leading up to Wednesday’s attack on Twitter, there were signs that some actors in the SIM swapping community were selling the ability to change an email address tied to any Twitter account. In a post on OGusers — a forum dedicated to account hijacking — a user named “Chaewon” advertised they could change email address tied to any Twitter account for $250, and provide direct access to accounts for between $2,000 and $3,000 apiece.”

Krebs linked the hack to some members of the OGUsers forum, whom were selling access to Twitter accounts for profit.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Twitter)

[adrotate banner=”5″]

[adrotate banner=”13″]