Twitter admits hackers accessed DMs of dozens of high-profile accounts

by
Devin Coldewey
from Crunch Hype on (#561Z6)

Last week's hack of over 100 very high-profile Twitter accounts did in fact expose the direct messages of many of those accounts, the company admitted today - including those of an elected official in the Netherlands, Geert Wilders.

The attack saw numerous popular accounts of celebrities and politicians taken over and tweeting a very obvious Bitcoin scam that nevertheless seems to have netted at least six figures. Twitter said that a coordinated social engineering attack" gave hackers access to internal systems and tools." Verified users were also briefly prevented from tweeting (a change some welcomed).

In tweets and an update to its blog post on the security incident," Twitter said that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox." They are actively working on communicating directly" with those accounts affected.

We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed.

- Twitter Support (@TwitterSupport) July 22, 2020

Twitter had declined to say in the immediate aftermath of the attack whether DMs had been accessed by the hackers. Twitter's messaging system is infamously not well encrypted but it was not clear whether the administrative tool reportedly used by the attackers offered access to inboxes.

A hacker used Twitter's own admin' tool to spread cryptocurrency scam

Apparently whatever method was used, it gave access to DMs some of the time, or perhaps the hackers simply didn't avail themselves of the opportunity for the remaining 94 accounts they took over. It's not really clear from Twitter's announcement. Twitter has previously said that it has no evidence" that passwords were accessed by the hackers, and nothing in the update contradicts that.

The company's attempted to place a silver lining on this cloud, saying it had no indication that any other former or current elected official had their DMs accessed." Considering the accounts of Barack Obama and Joe Biden were among those affected, that is technically good news.

This is almost certainly not the last we'll hear from Twitter on this disturbing security breach.

Techcrunch?d=2mJPEYqXBVI Techcrunch?d=7Q72WNTAKBA Techcrunch?d=yIl2AUoC8zA Techcrunch?i=Dhh2BRUIgFg:cpStWsKRgmY:-BT Techcrunch?i=Dhh2BRUIgFg:cpStWsKRgmY:D7D Techcrunch?d=qj6IDK7rITsDhh2BRUIgFg
External Content
Source RSS or Atom Feed
Feed Location http://feeds.feedburner.com/TechCrunch/
Feed Title Crunch Hype
Feed Link https://techncruncher.blogspot.com/
Reply 0 comments