Twitter Says Hackers Accessed the Direct Messages of 36 Accounts in Last Week's Breach

by

Twitter is continuing to investigate last week's security breach that saw the Twitter accounts of Apple and other high-profile figures and companies hacked by bitcoin scammers, and today the social media company confirmed that hackers accessed the Direct Messages of 36 Twitter accounts.

apple bitcoin hack
Twitter previously said that no passwords were stolen in the hack, which was a "coordinated social engineering attack" that targeted Twitter employees. Hackers were able to gain access to employee credentials, using that information to access Twitter's internal systems, including bypassing two-factor authentication protections.


The internal tools were used to target 130 accounts, and for 45 of those accounts, hackers initiated a password reset and had full access to the account to send tweets. For eight of the Twitter accounts, the attackers downloaded account information through the "Your Twitter Data" tool that provides Twitter account details and activity, but none of the eight accounts targeted in this way were verified accounts.

For the 130 accounts that were breached, which included the accounts of Tesla CEO Elon Musk, former U.S. President Barack Obama, former Microsoft CEO Bill Gates, Amazon CEO Jeff Bezos, presidential candidate Joe Biden, and others, hackers were able to see personal information like email addresses and phone numbers, and for some accounts taken over, additional information was available.

Twitter has not provided specific details on which of the 36 accounts saw their DMs breached, but hackers did access the DMs of one elected official in the Netherlands. No other former or current elected official had their DMs accessed.

Twitter is communicating directly with the account holders that were impacted and is further securing its system to prevent future attacks. As part of its efforts to stop something similar from happening again, Twitter is rolling out additional company-wide training to guard against social engineering tactics.

Tag: Twitter

Popular Stories

iOS 18 and AirPods Pro Feature

iOS 18 to Bring These 5 New Features to AirPods Pro

Wednesday June 26, 2024 6:59 am PDT by
Apple's upcoming iOS 18 software update is packed with features for supported iPhones, but it also promises to make your AirPods Pro experience better with a handful of sophisticated new capabilities that draw from machine learning improvements and AI enhancements. The following five AirPods Pro features are expected to arrive later this year, when iOS 18 is released to the general public in ...
Read Full Article59 comments
verizon

International Roaming Outage Affecting Verizon, AT&T, T-Mobile Customers [Updated]

Thursday June 27, 2024 2:49 am PDT by
There appears to be an ongoing outage with international roaming across multiple cellular networks, with Verizon, AT&T, and T-Mobile customers abroad complaining about the issue on social networks and cellular community forums. Customers traveling internationally have been without service since late Wednesday for hours at a time, with many losing cellular, text, and data. That has left many...
Read Full Article81 comments
apple watch x 91mobiles

Alleged First Look at Apple Watch X / Series 10 With 2-Inch Display

Wednesday June 26, 2024 2:44 am PDT by
Apple is rumored to be planning a revamp of the Apple Watch for the device's tenth anniversary, and 91mobiles claims to have sourced CAD renders of what could be the "Apple Watch X" or Apple Watch Series 10 from industry insiders. The site claims that the renders are of a "larger" model featuring a 2-inch display. The current Apple Watch Series 9 has a 1.7-inch display, while the Apple Watch ...
Read Full Article195 comments
iphone 16 pro battery kosutami

Report: Apple Planning to Debut New Battery Replacement Method With iPhone 16

Friday June 28, 2024 7:38 am PDT by
Apple is working on technology to simplify iPhone battery replacement that could debut later this year, The Information reports. Alleged iPhone 16 Pro battery with new metal casing. The move comes in response to a new EU law requiring smartphone manufacturers to ensure batteries can be replaced by owners using easily accessible tools by 2025. According to sources involved in the iPhone's...
Read Full Article146 comments
airpods pro 2 pink

Apple Releases New Firmware for AirPods, AirPods Pro, AirPods Max and More

Tuesday June 25, 2024 12:35 pm PDT by
Apple today released new firmware update for several products, including the Lightning and USB-C versions of the AirPods Pro 2, the first-generation AirPods Pro, the AirPods Max, the second and third-generation AirPods, the Beats Fit Pro, and the PowerBeats Pro. The second-generation AirPods Pro models, the PowerBeats Pro, and the Beats Fit Pro now have firmware version 6F8, up from 6F7,...
Read Full Article60 comments
maxresdefault

Hands-On With the iPad Pro's Nano-Texture Glass - Is It Worth the Upgrade?

Thursday June 27, 2024 11:39 am PDT by
The M4 iPad Pro models that Apple released earlier this year have a display upgrade option that allows you to purchase nano-texture display glass, which is supposed to cut down on glare. Subscribe to the MacRumors YouTube channel for more videos. We've already reviewed the iPad Pro, but we thought we'd revisit the nano-texture glass upgrade to see if it's worth the purchase price. First...
Read Full Article92 comments

Top Rated Comments

Apple_Robert Avatar
Apple_Robert
52 months ago
I am glad I got rid of Twitter a while back. I am social media free on my devices, except for MacRumors. :D
Score: 17 Votes (Like | Disagree)
Populus Avatar
Populus
52 months ago

Stoked the USA didn't "declare war" during this debacle.
Wow, I hadn't thought about what they (the hackers) could have done if they had accessed certain leader twitter... It gives me the shivers.


I am glad I got rid of Twitter a while back. I am social media free on my devices, except for MacRumors. :D
I did too, 6 years ago (more or less) and I'm glad to be free of all that tension, hate and aggressiveness I sometimes see on Twitter.
Score: 11 Votes (Like | Disagree)
jchap Avatar
jchap
52 months ago
"Social engineering" = "hacked by someone inside Twitter, who had the knowledge, ability and motivation to do this." Of course, Twitter implies that the perpetrator was outside of the company, and they seem to be inferring that Twitter's employees were somehow coerced or "socially engineered" into doing this without their knowledge.

No amount of internal training will prevent this kind of result.

Twitter needs to review their protocols that allow employees to access and modify said data in the first place. Someone had full access to a database that should have been carefully restricted only to those who absolutely required access for legal reasons. Did Twitter even go through any internal procedure leading up to the insider gaining said access? Companies that are careful about such things will keep their servers in secure and locked rooms, and meticulously log and monitor all access. They should absolutely know who was in there and which employee accessed their database, unless they are so inept that they have no access logging system.

If the DM database(s) was/were accessible anywhere inside of their corporate network outside of a select few, that is a major problem in and of itself. The fact that Twitter allows this sort of coordinated attack (whether the perpetrator was inside or outside of Twitter's corporate network) to even be possible says something about their security practices.

Ask yourself: do I want to participate in a social network, which is hosted by a company that allows its employees access to my direct messages without just legal cause?
Score: 10 Votes (Like | Disagree)
Makosuke Avatar
Makosuke
52 months ago
It's impressive and extremely lucky that these were small-time and uncreative hackers who apparently hit the social-engineering jackpot--they could have caused a truly disturbing amount of international or financial market chaos but basically just used it on a lame Bitcoin scam and selling a few low-character-count usernames.

Imagine what a well-planned, coordinated action by a state actor, dedicated group of terrorists, clever anarchists, or big-time financial market scammers could have accomplished.

You can be pretty sure that whoever they are they are reconsidering the success of their scam--there is absolutely no way $100K or so split more than one way is worth the international manhunt that's almost certain to result from this.
Score: 7 Votes (Like | Disagree)
ghanwani Avatar
ghanwani
52 months ago

Twitter is communicating directly with the account holders that were impacted...
Gates, Obama, Musk and other big guys all communicating with Twitter's frustrating customer service. haha
Score: 4 Votes (Like | Disagree)
nvmls Avatar
nvmls
52 months ago

Gates, Obama, Musk and other big guys all communicating with Twitter's frustrating customer service. haha
"Welcome to Twitter CS. if you are a celebrity please dial 1"
Score: 4 Votes (Like | Disagree)
Read All Comments