Twitter has been in the news for the attack on its internal system that was used to run a bitcoin scam on Wednesday this week. The attack targeted the verified accounts of politicians, celebrities, and business officials such as Elon Musk, Bill Gates, Kanye West, and many more; a tweet containing a bitcoin address appeared on each of them.
The social media platform, along with the FBI, has been investigating the scam since then. It said earlier that 130 Twitter accounts had been compromised, including the ones where the tweets were posted. At that point it was not sure whether the hackers had been able to download any personal data from any of these accounts.
On Friday, however, Twitter revealed in a blog post that 8 accounts in total had their messages downloaded by the hackers while the bitcoin scam was going on. The downloaded data includes their phone numbers, email addresses, and personal messages.
As has been confirmed, the hackers attempted to download all the data from ‘Your Twitter data archive’ for those eight accounts. It has also been pointed out that the hackers might have been able to read the information available on the 130 impacted accounts, but none of the verified accounts had their messages stolen completely. Twitter also carried out a location history check to help the investigation.
There is a lot of speculation about who the owners of these accounts might be. Twitter is not willing to release a list of these accounts publicly. Still, to address the speculation, it confirmed that none of these accounts are verified accounts, and that only the specific account owners have been informed about the breach.
It also reported that, along with the 8 accounts that had their personal information stolen, 45 in total went through a password reset the same day, which was performed by the hackers. It is very uncertain why the attackers downloaded personal information from only eight of these accounts and not from all of them.
Many theories have emerged amid the ongoing investigation, and multiple reports have highlighted accounts from posters on the “OGUsers” gray market forum, where many verified accounts are sometimes trafficked.
Sources have mentioned an account going by the name ‘Kirk’ that was claiming on the platform to be a Twitter employee. The account was offering takeovers of any account during the same period, and the money was being collected through the same address that was posted in the tweets from the verified accounts on Twitter on Wednesday this week.
It is believed that ‘Kirk’ from the same account was able to gain access to the social media platform’s internal channels, where he/she found credentials for accessing the internal tools. As Twitter has also confirmed, “The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.” Internal employee tools were a key factor in the hackers being able to launch this attack.