Twitter on Saturday disclosed further information about the security incident earlier this week in which hackers gained access to multiple high-profile accounts on the platform.
The cyber-attack was allegedly a part of a major cryptocurrency scam. On the third day of ongoing investigations into the incident, Twitter said that attackers were able to initiate a password reset for 45 of the 130 accounts hacked. They had downloaded data from eight non-verified accounts.
“As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets,” Twitter said.
“For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our ‘Your Twitter Data’ tool. We are reaching out directly to any account owner where we know this to be true,” it said.
“There is a lot of speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts,” it added.
Twitter has said that the hacking incident involving high-profile accounts, including those of Joe Biden, Barack Obama, Jeff Bezos, Elon Musk, Bill Gates, Microsoft, Uber and Apple, was a social engineering attack. It has detailed the entire incident in a blog post.
“At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme. What does this mean? In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information,” the post read.
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections,” it added.
Over the weekend and next week, the micro-blogging platform will be working on restoring access for locked accounts. It will continue its investigations into the matter and will comply with law enforcement. As per previous reports, the Federal Bureau of Investigation (FBI) of the United States (US) has launched a probe into the matter.
The social media platform will further improve its security and conduct company-wide training related to social engineering tactics to supplement the training employees receive during onboarding and ongoing phishing exercises throughout the year.