Twitter says 130 accounts affected by high-profile hack

Saturday, 18 Jul, 2020

Twitter has said hackers likely tricked Twitter employees into giving them access to an internal company tool.

Twitter addressed that but did not answer it, saying "We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred". A lot of people already know about this, so why would the hacker use such a simple and silly scam when he had access to basically the most popular Twitter accounts?

"You will be given a full refund if for any reason you aren't given the email/@", the poster said, describing the Twitter account with an @ sign.

Twitter had stepped up its efforts to hire a Chief Information Security Officer in the two weeks prior to the hacking attack, Reuters reported, citing two sources familiar with the matter.

The FBI is now investigating.

Elon Musk, Bill Gates, Joe Biden and Barack Obama were among those hit in what Twitter said was a "co-ordinated" attack.

Although the details are still coming into focus - and Twitter and the Federal Bureau of Investigation are still investigating - the fact that early word of the hack spread on a forum popular with gamers and Instagram account swappers suggests the incident likely had a nexus with low-level cybercrime rather than nation state-level subterfuge.

"It has been almost two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company's systems, and hackers who gain unauthorized access", said Wyden. However, Twitter has locked all accounts that attempted a password change in the last 30 days.

"Since early evening yesterday, both Donald Trump Jr. and I have been locked out of our respective Twitter accounts. We are extremely lucky that these attackers are monetarily motivated and not sowing mass chaos all over the world".

Shares in the social media company tumbled nearly 5 percent in trading after the market close before paring their losses. In a detailed account posted on Thursday, Lucky describes an attack on @6 which involved first resetting the email address associated with the account, and then disabling the two-factor authentication used to protect it.

The seller also posted a screenshot of the panel usually reserved for high-level Twitter employees.

The full extent of the compromise is unclear, since Twitter hasn't revealed how many accounts that didn't post the scam messages were taken over by the attackers.

The Twitter hack took place in the wee hours of the morning.

"If anything, the 'scam' part supports the conclusion that the group behind the attack was, to Twitter's luck, unsophisticated".

CEO Dorsey said in a tweet on Wednesday it was a "tough day" for everyone at Twitter and pledged to share "everything we can when we have a more complete understanding of exactly what happened".

Compounding the seemingly poor security, Twitter itself still does not have a chief information security officer. The wide-ranging conversation also included the company's approach to handling misinformation, features created to let users take more control over who they interact with on the site, and the platform's use in the Black Lives Matter protests. Various reports claim that a Twitter employee was paid to give the hacker access to internal tools, whereas Twitter claims that a number of its employees were targeted in a social engineering attack.