Twitter released new details about the hack heard around the world this week, apparently a massive scam that aimed to trick users into sending bitcoin to a random cryptocurrency wallet. It was carried out by targeting some of the most prominent accounts on the social network, such as those belonging to Elon Musk, Jeff Bezos, Kanye West, Joe Biden and Barack Obama. In addition to asking for bitcoin, Twitter revealed, the attackers also managed to download account information, which includes direct messages, for up to eight of the 130 targeted accounts.
That’s not to say that we’ll suddenly see Musk’s direct messages, or those of any other targeted high-profile account, appear online as a result of this hack. These are verified accounts, which were not among the eight identified by the company.
“For eight of the affected Twitter accounts, the attackers took the extra step of downloading the account information through our ‘Your Twitter Data’ tool,” Twitter said in a late-night blog post on Friday. “This is a tool intended to provide the account owner with a summary of their Twitter account details and activity. We contact any account owner directly that we know to be true. None of the eight were verified accounts.”
The company also revealed that for 45 of the 130 targeted accounts, attackers were able to initiate a password reset, log into the account and send tweets. Twitter believes the attackers may have attempted to sell some of the usernames as well.
According to the page dedicated to “Your Twitter Data”, the tool gives users a “snapshot” of their Twitter information. This includes “your profile information, your Tweets, your private messages, your moments, your media (images, videos and GIFs that you have attached to tweets, direct messages or moments), a list of your followers, a list of accounts you follow, your address book, lists you have created, are a member of or follow, demographic and interest information we have inferred about you, information about advertisements that you have seen or interacted with on Twitter, etc.”
Yes, despite this extremely long list of detailed and private information, let’s not forget “and more.”
In its blog post, Twitter worked to reassure the rest of its user base, which is understandably concerned about the implications of the attack now and in the future. The company said it believes hackers did not see the private information of “the vast majority of people.”
However, for the 130 targeted accounts, Twitter said that even though attackers were unable to see passwords from previous accounts, they could view personal information, including email accounts and phone numbers. Additionally, in instances where an account was taken over by hackers, Twitter said “they could have seen additional information.” It did not specify what information that was and said its forensic investigation into the case was in progress.
In addition to providing new details on the data accessed, Twitter described the steps it has taken so far to resolve the incident. Behind the scenes, the company said, it acted swiftly to lock down and regain control of hacked accounts, as well as to secure and revoke access to internal systems in order to prevent hackers from penetrating further into its systems or individual accounts.
Other actions included blocking many users, including some verified users (people with the blue tick), from tweeting or changing their passwords, and locking accounts where a password had recently been changed. Twitter said it was working to restore access for all users who had been locked out of their accounts this weekend and next week.
Nonetheless, the company said it would limit details it shared about its actions to resolve the incident for now.
“We are deliberately limiting the details we share about our remediation steps at this time to protect their effectiveness and will provide more technical details, if possible, in the future,” Twitter wrote.
As to how the hack happened, Twitter said it believed the hackers had targeted its employees using social engineering, that is, by manipulating employees into performing certain actions and revealing confidential information.
The New York Times reports that it spoke to four people who participated in the Twitter hack. Based on the interviews, The Times deduces that the attack was not carried out by Russia or a sophisticated group of hackers, but rather by a group of young people. One of them is apparently a 19-year-old who lives at home with his mother in the south of England, while another is believed to be in his 20s and lives on the West Coast.
The hack, which generated approximately $120,000 worth of donations to the wallet address that was tweeted from the targeted accounts, naturally set off alarm bells. The FBI and the New York State Department of Financial Services are investigating the attack, according to The Wall Street Journal.
As the Journal notes, an attack like this is particularly alarming given Twitter’s importance as a platform for political discussion months before the US presidential election. Kara Swisher and Scott Galloway, co-hosts of the Pivot podcast, also highlighted the danger of President Donald Trump’s favorite social media platform, which is his primary means of communicating with the world, being hacked. A hacker could, for example, take over Trump’s account and lie about launching an attack on a city.
Oddly enough, though maybe I should say ‘thank God’, Trump’s account was not among those that got hacked this week.
Twitter knows this is obviously not good. The company says it is embarrassed and sorry.
“We are fully aware of our responsibilities to the people who use our services and to society in general,” Twitter said. “We are embarrassed, we are disappointed, and most of all, we are sorry. We know we must work to regain your trust and we will support all efforts to bring the perpetrators to justice.”