Washington, Jul 18 (efe-epa).- Twitter said that the hackers behind this week’s attack on 130 accounts managed to access the private data of as many as eight users.
None of those eight individuals had a verified account, the San Francisco-based social media giant said, which means that hackers did not access private data of any of the high-profile figures, including Barack Obama and Bill Gates, whose accounts were commandeered Wednesday as part of a Bitcoin scam.
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections,” the company said, offering no details about the manipulation.
“As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets,” the company said.
The tweets in question urged readers to send Bitcoin with a promise that they would receive double the amount in return.
“I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes,” said a message posted on the account of former Vice President Joe Biden.
Similar appeals went out on accounts belonging to Obama, Gates, Jeff Bezos, Elon Musk and Kim Kardashian West, among other prominent people.
The hackers also took over the accounts of major corporations such as Apple and Uber and some of the tweets sought to entice people with offers of millions of dollars in Bitcoin.
“For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our ‘Your Twitter Data’ tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true,” the company said.
More than 500 people were duped by the tweets into sending more than $120,000 in Bitcoin, according to Chainalysis, a firm specializing in blockchain monitoring and compliance.
Twitter said its security team saw indications that the hackers have tried to sell some of the usernames targeted in the attack.
The company said it was consulting with law enforcement as it pursued its investigation of the hack and weighed “longer-term actions we should take to improve the security of our systems.”
The note concluded with an apology.
“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice,” Twitter said. EFE