This week’s epic Twitter hack targeted about 130 accounts, although only a “small subset” were actually hijacked, according to the company.
“Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident,” Twitter said in a Thursday update. “For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.”
The hackers took control of internal tools by paying a Twitter insider for the access, Motherboard reports. This allowed them to change the registered email addresses on targeted accounts, at which point the hackers were likely able to reset account passwords and even revoke two-factor authentication settings, paving the way for the takeovers.
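The takeover chain described above (registered email changed, then password reset, then two-factor authentication revoked, all driven from an internal support tool) is exactly the kind of sequence an audit pipeline should alert on. The following is an added detection example, not code from Twitter or from the article; the audit-log format, field names and action labels are constructed assumptions, and the sample lines are fabricated for illustration.

```python
"""Flag the insider-tool account-takeover pattern: one operator performs
EMAIL_CHANGE -> PASSWORD_RESET -> MFA_DISABLE on the same account within a
short window, and does so on several accounts. Log schema is an assumption
constructed for this example, not any real platform's admin-tool format."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events: "<timestamp> <operator> <action> <target_account>"
SAMPLE_LOG = [
    "2020-07-15T20:01:10Z op-17 EMAIL_CHANGE acct_a",
    "2020-07-15T20:01:25Z op-17 PASSWORD_RESET acct_a",
    "2020-07-15T20:01:40Z op-17 MFA_DISABLE acct_a",
    "2020-07-15T20:03:05Z op-17 EMAIL_CHANGE acct_b",
    "2020-07-15T20:03:20Z op-17 PASSWORD_RESET acct_b",
    "2020-07-15T20:03:35Z op-17 MFA_DISABLE acct_b",
    "2020-07-15T20:10:00Z op-42 EMAIL_CHANGE acct_c",    # routine support action
    "2020-07-15T21:30:00Z op-42 PASSWORD_RESET acct_c",  # no MFA step, not the chain
]

# Order matters: the chain is only suspicious when it runs in this sequence.
TAKEOVER_CHAIN = ("EMAIL_CHANGE", "PASSWORD_RESET", "MFA_DISABLE")


def parse_event(line):
    """Split one constructed audit line into (timestamp, operator, action, target)."""
    ts, operator, action, target = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), operator, action, target


def find_takeover_chains(lines, window=timedelta(minutes=10)):
    """Return {(operator, target): [t_email, t_reset, t_mfa]} for every
    account on which one operator ran the full chain, in order, within
    `window`. Only the first occurrence of each action is considered."""
    first_seen = defaultdict(dict)  # (operator, target) -> {action: first timestamp}
    for line in lines:
        ts, operator, action, target = parse_event(line)
        first_seen[(operator, target)].setdefault(action, ts)

    hits = {}
    for key, seen in first_seen.items():
        if not all(action in seen for action in TAKEOVER_CHAIN):
            continue
        times = [seen[action] for action in TAKEOVER_CHAIN]
        in_order = times == sorted(times)
        if in_order and times[-1] - times[0] <= window:
            hits[key] = times
    return hits


def flag_operators(lines, min_accounts=2, window=timedelta(minutes=10)):
    """Operators who ran the takeover chain on at least `min_accounts`
    distinct accounts; a single chain may be legitimate support work,
    a burst across many accounts is the signal worth paging on."""
    accounts_by_operator = defaultdict(set)
    for operator, target in find_takeover_chains(lines, window):
        accounts_by_operator[operator].add(target)
    return {
        op: sorted(targets)
        for op, targets in accounts_by_operator.items()
        if len(targets) >= min_accounts
    }


if __name__ == "__main__":
    for op, targets in flag_operators(SAMPLE_LOG).items():
        print(f"ALERT operator {op} ran takeover chain on {len(targets)} accounts: {targets}")
```

The per-operator threshold is the important design choice: any one of these actions is routine for a support tool, so the alert keys on the ordered chain and on its repetition across accounts, which is what distinguished the incident from normal account-recovery work.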
Ultimately, accounts belonging to public figures including Barack Obama, Bill Gates and Elon Musk were compromised. The attackers tweeted out a Bitcoin scam, which managed to collect over $119,000. The hack was so swift and brazen that it seemed the culprits had access to any account they desired. Official profiles belonging to Apple, Uber, Jeff Bezos, Joe Biden, and Kim Kardashian West were also accessed, giving the attackers a massive platform to promote their scheme.
One lingering question is whether the attackers had access to the accounts’ private direct messages, potentially exposing juicy information. Twitter is still trying to determine the answer. However, the company says the attackers never had access to user passwords.
As for who pulled off the hack, evidence is emerging that the user behind the Twitter account @shinji was one of those responsible. In the midst of Wednesday’s epic hack, the account briefly tweeted a screenshot of the internal admin tool Twitter uses to control people’s accounts. At one point, @shinji also bragged about hijacking another Twitter account.
Twitter has since shut down the @shinji account, and has been deleting screenshots of the internal admin tool he posted. According to security journalist Brian Krebs, the @shinji account may belong to a 21-year-old UK resident, who’s been active in the hacking community.
Fortunately, the goal of this week’s hack appears to be a Bitcoin scam. However, US lawmakers are worried more devious actors could pull off a similar scheme to manipulate an election or start a war.
“It is not difficult to imagine future attacks being used to spread disinformation or otherwise sow discord through high-profile accounts, particularly through those of world leaders,” US Senator Roger Wicker (R-Mississippi) wrote in a letter to Twitter CEO Jack Dorsey that demands details about the hack.
According to The New York Times, President Donald Trump’s Twitter account has been under a “special kind of lock-and-key” protection since 2017, when a Twitter contractor temporarily deleted the President’s account.
In the meantime, Twitter is still investigating the incident, which has led to the temporary shutdown of certain features, including the ability to download your Twitter data. “We have also been taking aggressive steps to secure our systems while our investigations are ongoing,” the company added. “We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can.”