Twitter says hack targeted 130 accounts, company is ‘embarrassed’ and ‘sorry’

The Twitter logo and binary cyber codes are seen in this illustration taken November 26, 2019. (Reuters)

Twitter says the hack that compromised the accounts of some of its most high-profile users targeted 130 people. The hackers were able to reset the passwords of 45 of those accounts.

The San Francisco-based company said in a blog post Saturday that for up to eight of these accounts the attackers also downloaded the account’s information through the “Your Twitter Data” tool. None of the eight were verified accounts, Twitter said, adding that it is contacting the owners of the affected accounts.

For all the latest headlines follow our Google News channel online or via the app.

“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice,” Twitter said in the blog post.

The July 17 attack broke into the Twitter accounts of world leaders, celebrities and tech moguls in one of the most high-profile security breaches in recent years. The attackers sent out tweets from the accounts of the public figures, offering to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.

It highlighted a major flaw with the service millions of people have come to rely on as an essential communications tool.

Allison Nixon, chief research officer at cybersecurity firm 221B said in an email Sunday that the people behind the attack appear to have come from the “OG” community, a group interested in original, short Twitter handles such as @a, @b or @c, for instance.

"Based upon what we have seen, the motivation for the most recent Twitter attack is similar to previous incidents we have observed in the OG community — a combination of financial incentive, technical bragging rights, challenge, and disruption,” Nixon wrote. “The OG community is not known to be tied to any nation state. Rather they are a disorganized crime community with a basic skillset and are a loosely organized group of serial fraudsters.”

While this attack did not appear go further than the Bitcoin ruse — at least for now — it raises questions about Twitter’s ability to secure its service against election interference and misinformation ahead of the US presidential election.

“Entire markets and potentially elections may be manipulated or altered in this way,” Nixon said. "Victims of account takeovers generally do not know that the fraud has occurred, and generally cannot take security precautions to prevent it.”

Read more:

US officials demand answers to Twitter hacking; company has no security chief

Twitter: Hackers ‘manipulated’ employees to access accounts in a high-profile attack

Hackers convinced, paid Twitter employee to help them hijack accounts: Motherboard

SHOW MORE
Last Update: Monday, 20 July 2020 KSA 03:15 - GMT 00:15
Top