Hackers were able to download personal data from up to eight Twitter accounts in this week’s major security breach, the company announced Saturday.
In a blog post detailing “an overview of where we are” in the massive hack that stunned both the online and offline worlds, the social media giant provided more details of what’s believed to be its largest-ever cyberattack.
On Wednesday, hackers were able to break into the system and send tweets to promote a Bitcoin scam using the official accounts of people such as former President Barack Obama, presumptive Democratic presidential nominee Joe Biden, Amazon CEO Jeff Bezos, Tesla CEO Elon Musk, as well as the corporate accounts for Uber and Apple.
The incident proved to be a PR nightmare for the microblogging platform, which went into full damage control mode as it explained — and apologized for — the embarrassing situation.
“As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.”
Twitter said that the attackers were able to manipulate a “small number of employees” to use their credentials to get into Twitter’s internal systems.
Using tools “only available to our internal support teams,” hackers targeted 130 accounts. For 45 of those, they were able to reset the password, log in and send tweets from them.
Attackers were also able to download personal information from up to eight of the involved accounts.
None of those were “verified accounts,” which means that no data was downloaded from Twitter’s most high-profile users.
Twitter said that hackers were not able to view previous account passwords of the targeted accounts, but they were able to view contact information, such as email addresses and phone numbers.
“In cases where an account was taken over by the attacker, they may have been able to view additional information,” the post read, without specifying what type of information they could have accessed.
On Thursday the FBI announced that it had opened an investigation into the hack.
“At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” the bureau’s San Francisco division said in a statement, according to NPR.
Twitter said that the investigation is still ongoing, and the company is “actively working on communicating directly” with the targeted account owners.
“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice,” the statement read.
“We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.”