[ad_1]
Leon Neal/Getty Images
Twitter says a total of 130 accounts were hacked in some fashion during a cybersecurity breach on Wednesday that affected some of its most prominent users, including Joe Biden and Kanye West. In a blog post published Friday night, the company explained that the perpetrators downloaded personal data for up to eight of 130 compromised accounts.
Twitter officials did not specify exactly which eight accounts were affected — though they said that “none of the eight were verified accounts,” by which the company means none of them was the official account of a public figure.
“The most important question for people who use Twitter is likely — did the attackers see any of my private information?” the company said in its update Friday. “For the vast majority of people, we believe the answer is, no.”
But the company went on to say that hackers were able to view email addresses, phone numbers and in some cases “additional information.”
Along with West and the presumptive Democratic presidential nominee, the accounts of former President Barack Obama and billionaire businessmen Elon Musk and Jeff Bezos — among others — all tried to coax Bitcoin payments from followers with a fake pledge to double their money in return.
Even major companies such as Uber and Apple were co-opted into the scam.
Within hours, Twitter had removed the posts and even temporarily blocked verified accounts from tweeting or resetting their passwords.
Twitter officials now say they have a better idea of what happened in the first place. In a lengthy statement, the company laid out what its probe has turned up so far:
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.”
There is a lot speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts.
— Twitter Support (@TwitterSupport) July 18, 2020
In some cases, company officials added, the as yet unidentified attackers tried to sell usernames, as well. The company said it is “working with law enforcement” and will continue its investigation into the incident.
“We’re acutely aware of our responsibilities to the people who use our service and to society more generally,” the company said. “We’re embarrassed, we’re disappointed, and more than anything, we’re sorry.”
[ad_2]
Source link