A week has already passed since the massive hack that Twitter was subjected to, which mainly affected verified accounts of relevant characters and brands, from which a fraudulent campaign with cryptocurrencies was shared.
To the already known antecedents, new information was added that broadens the scope of this incident. Among those, the confirmation that this situation also affected the private messages of some accounts and even the complete archive of eight other unverified accounts stands out.
Recapping some details from this episode, this real Twitter headache started a week ago.
After the appearance of a series of messages from spam In dozens of verified accounts, the social network confirmed that they were victims of an attack, using social engineering techniques applied to gain access to the administrative profiles of platform officials. Later, the New York Times confirmed that the Twitter admin panel login credentials were obtained by hackers from an employee Slack channel.
As the days passed, it was confirmed that in total there were 130 accounts with which the attackers could interact, among which 45 suffered a password change.
Private messages compromised with the hack
Updating the information shared after the uncovering of this episode, Twitter added to its statement a section detailing new information gathered during the investigation into what happened with the aforementioned hack last week, providing more specific data.
According to the estimates already mentioned, Twitter presumes that the attackers had access to the direct message inbox of 36 of the 130 accounts that were targeted during the attack, including a high-ranking elected official in the Netherlands, whose identity it was kept under reserve.
According to what has been pointed out, at the moment there are no indications that in the middle of this hack another account of some public official of similar magnitude has been the victim of a violation of this type.
In response to inquiries from the press, Twitter declined to confirm or deny whether among those 36 accounts there were any verified.
We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed.
– Twitter Support (@TwitterSupport) July 22, 2020
Twitter files downloaded after the attack
As in other social networks, Twitter users can download a file from their account, which contains almost all the material shared through the social network of short messages.
Out of the 45 verified accounts that shared fraudulent tweets after the attack and the aforementioned 36 accounts with a compromised inbox, eight other unverified accounts were targeted through another mechanism: downloading their files from Twitter.
In addition to tweets, this file contains personal information for each account, such as their phone numbers, email addresses, and also the direct message file. These records exclude the passwords used.
Regarding this point, Twitter has not revealed more information. It has only been commissioned to emphasize that none of the accounts affected by this part of the incident is verified.
8 is the number of accounts where an archive of “Your Twitter Data” was downloaded. This includes all of * your * account activity including DMs. None of the YTD downloads impacted Verified accounts. https://t.co/CchxHDTX2z
– Twitter Support (@TwitterSupport) July 23, 2020
This attack, historic for Twitter, takes on new dyes when it is confirmed that its reach was greater than expected after learning the first information a week ago.
At the police level, in addition to the tracking work carried out internally on the social network, the FBI is investigating this case from its office in San Francisco, a US town where Twitter has its headquarters.
During the course of this investigation, Twitter has been constantly posting news through its support account, in order to provide as much transparency as possible and thus reduce speculation.