Twitter following the hack last week has revealed that over 100 high-profile users' direct messages have been accessed by hackers, including that of an elected official in the Netherlands.
The attack has caused numerous popular accounts of politicians and celebrities taken over and tweeting a Bitcoin scam, which had unfortunately netted at least six figures, according to TechCrunch.
Twitter said that a "coordinated social engineering attack" gave hackers "access to internal systems and tools." Due to the incident, Twitter had to temporarily prevent verified users from tweeting, a change that has received a positive response.
In an update to its blog and via tweets, Twitter said that they are now working to users that have been victimized by the security breach while informing people that "for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox."
In the immediate aftermath of the attack, Twitter chose to stay mum when it was questioned whether DMs had been accessed by the hackers. Unlike other messaging platforms that have since followed the security trend these days, Twitter's own is not well encrypted. It's also not clear whether the administrative tools that hackers have exploited offered access to inboxes.
According to the New York Times, the hackers behind the attack were young, individual actors who wanted to sell coveted Twitter handles such as "@y," in spite of the hacks expanse. Twitter said the hackers got access to its internal systems with a successful "social engineering" attack on several employees. Social engineering is a technique used by hackers to dupe users into clicking on malicious links or giving away sensitive data by crafting fake emails or other messages.
The FBI is already investigating the hack.
The method used to hack the accounts also gave attackers access to DMs quickly, but it's not clear why the hackers simply didn't avail themselves of the opportunity for the remaining 94 accounts they took over. In a previous update, Twitter said that it does not have evidence whether the hackers gained access to passwords -- the company did not include the information in its announcement.
While one elected official was among the victims of breached DMs, Twitter saying that no other public officials have been victimized is good news, considering the accounts of Barack Obama and Joe Biden were among those affected.
Security breach cases have risen since the beginning of the pandemic. Unfortunately, this won't be the last case of cyberattack we'll be hearing.
