Twitter says hackers downloaded data from up to 8 accounts

Twitter said late Friday that hackers who hijacked the accounts of high-profile users including former US President Barack Obama and Microsoft founder Bill Gates to tweet out a bitcoin scam this week also downloaded the data from up to eight accounts.

The company didn’t identify who owned the accounts, but said they weren’t verified. Obama, Gates and other prominent users such as Tesla CEO Elon Musk and rapper Kanye West who had their accounts compromised have verified Twitter accounts. When a user downloads their Twitter data, it includes direct messages, photos, videos, their address book and other information.

“In cases where an account was taken over by the attacker, they may have been able to view additional information,” Twitter said in a blog post on Friday night. “Our forensic investigation of these activities is still ongoing.”

Politicians and cybersecurity experts have raised concerns in the wake of the widespread hack that the direct messages of some of the most powerful people in the world could have been accessed during the attack on Wednesday. If there’s sensitive information in these messages, hackers could use it for blackmail or ransomware. Twitter’s direct messages aren’t end-to-end encrypted, which would have prevented employees from reading the private messages.

On Thursday, Twitter said that the company believes that hackers targeted the Twitter accounts of 130 users. Twitter said Friday that hackers were able to reset the passwords of 45 accounts, giving them the ability to log into the accounts and tweet. The attackers may have tried to sell some of the usernames as well.

The company said it believes the attackers weren’t able to view a user’s previous passwords. They were able to view personal information including email addresses and phone numbers, Twitter said.

Twitter declined a request for a full list of the targeted accounts in light of its ongoing investigation, in which it’s “continuing to assess whether non public data related to these accounts was compromised.”

Although Twitter has faced the problem of cryptocurrency scams in the past, the size of Wednesday’s attack is unusual, casting a spotlight on the potential security vulnerabilities of the popular social media platform. Twitter said it thinks that attackers were able to bypass the account’s security protections such as two-factor authentication after they “successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems.” The company didn’t say if the employees were tricked into handing over these credentials or were bribed.

On Wednesday, the accounts of dozens of internationally famous figures spanning tech, politics and entertainment posted similar tweets soliciting donations via Bitcoin. Apple, Uber and other businesses were also caught up in the sprawling hack, which Twitter later attributed to a social engineering attack on its employees. 

“Everyone is asking we to give back, and now is the time,” a now-deleted tweet from Gates’ said, pledging to double all payments to a Bitcoin address for the next 30 minutes.

“I’m feeling generous because of Covid-19,” Musk’s tweet said. “I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” All the tweets were subsequently deleted and verified Twitter accounts, those with a blue check, were temporarily silenced.

In addition to Twitter, the FBI also announced the launch of probe into the hacking incident.