Twitter has confirmed that 130 accounts were targeted and 45 were compromised in a security breach earlier this week.
As we’ve been informing via the @TwitterSupport account, on Wednesday, July 15, 2020, we detected a security incident at Twitter and took immediate action. As we head into the weekend, we want to provide an overview of where we are.
Twitter says that attackers targeted “certain Twitter employees through a social engineering scheme”, which it defines in this context as “the intentional manipulation of people into performing certain actions and divulging confidential information.” A recent Motherboard report claims hackers simply paid off a Twitter insider to do their work for them.
Twitter says “a small number of employees” were successfully manipulated, and their credentials used to gain access to internal systems, bypassing 2FA protections.
It says 130 accounts were targeted. 45 of those had their passwords reset, and the attackers were able to log in to those accounts and send rogue tweets. Tweets sent from accounts including Apple, Barack Obama, Bill Gates, and others asked users to send Bitcoin to an address with the promise that the amount would be doubled. Twitter also believes the attackers may have attempted to sell the usernames of compromised accounts.
More disturbingly, Twitter says the information of eight accounts was downloaded through ‘Your Twitter Data’:
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.
This includes account history, apps and devices, activity, interests and ad data, contacts, Tweet history, apps with access to your Twitter, muted and blocked accounts, profile info, Direct Messages, media, and more.
Twitter says it is continuing to investigate the attack alongside law enforcement. Twitter reiterates that the vast majority of Twitter users were not affected by the incident. Of the 130 that were, attackers were not able to view previous passwords but were able to see personal information including email addresses and phone numbers. Of the 45 accounts taken over, the damage is unclear but certainly worse.
Twitter says it is also working to restore access for account owners still locked out since the breach, mainly users who had reset their passwords in the last 30 days.
Twitter said it was “acutely aware of our responsibilities to the people” who use its service, adding that it was “embarrassed”, “disappointed”, and “more than anything, we’re sorry.”