Twitter is continuing its investigation into the security breach that last week broke into the Twitter accounts of Apple and other celebrities and companies by Bitcoin scammers. Local time on Wednesday confirmed that hackers had accessed direct messages to 36 Twitter accounts.
Twitter has previously said that no passwords were stolen in the hack, a “coordinated social engineering attack” on Twitter employees. Hackers have access to employee credentials and access Twitter’s internal systems, including bypassing two-factor authentication protection.
Internal tools were used to attack 130 accounts, of which 45 were used by hackers to reset passwords and have full access to that account to send tweets. For eight of the Twitter accounts, the attacker downloaded account information through the “Your Twitter Data” tool, which provided details and activity on Twitter accounts, but none of the eight accounts targeted in this way were verified.
Among the 130 accounts hacked, including those of Tesla CEO Elon Musk, former Us President Barack Obama, Microsoft co-founder Bill Gates, Amazon CEO Jeff Bezos, presidential candidate Joe Biden and others, hackers were able to see personal information such as email addresses and phone numbers, and for some of the accounts that were taken over, more information was available.
Twitter did not provide specifics on which of the 36 accounts were hacked, but the hackers did access direct information from an elected official in the Netherlands. No other former or current elected officials were visited.
Twitter is communicating directly with affected account holders and further securing its systems against future attacks. As part of its efforts to prevent similar incidents from happening again, Twitter is rolling out additional company-wide training to guard against social engineering strategies.