Twitter says hackers accessed DMs for 36 users in last week's hack

Hackers targeted 130 accounts, tweeted on behalf of 45, and downloaded data from eight.
Written by Catalin Cimpanu, Contributor

Twitter has provided another update in its investigation into its Wednesday security incident when a group of hackers breached its backend and tweeted a cryptocurrency scam on behalf of high-profile and verified accounts.

The incident became of note because hackers compromised accounts for public figures such as Barrack Obama, Joe Biden, Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber, Kanye West, Kim Kardashian, Michael Bloomberg, and many others.

In light of the highly publicized incident and with all the world's eyes on its response, Twitter has been providing updates on a daily basis since the hack, as security teams sift through the logs in search of what happened and who was behind the intrusion.

These updates have now become quite bulky and convoluted, and as a result, we'll list them below and continue to update this article as Twitter releases new evidence.

  • The incident took place on Wednesday, July 15, 2020.
  • Twitter said hackers used phone-based social-engineering to gain access to Twitter employee accounts.
  • A New York Times report that has yet to be confirmed by Twitter said that hackers breached employee Slack accounts and found credentials for the Twitter backend pinned inside a Slack channel.
  • Twitter said hackers got "through" their two-factor protections but did not specify if it referred to the backend accounts or the Slack accounts.
  • Once hackers accessed the Twitter backend, they Twitter's own internal tech support tools to interact with accounts.
  • Hackers interacted with 130 accounts, according to Twitter.
  • For 45 accounts, hackers initiated a password reset, logged into the account, and sent new tweets to promote their cryptocurrency scam.
  • Twitter said it believes hackers also tried to sell access to some hijacked Twitter accounts, due to highly-coveted usernames.
  • For eight accounts, hackers downloaded account data through the "Your Twitter Data" feature.
  • Twitter said hackers accessed direct messages (DMs) for 36 accounts, including 1 elected official in the Netherlands.
  • None of these eight accounts were verified.
  • Twitter is now reaching out to the eight account owners.
  • Once the hack came to light on Wednesday, Twitter said it blocked all verified accounts from tweeting as it investigated.
  • It then also blocked some users from resetting their password to hackers from taking over new accounts.
  • These limitations lasted for a few hours, and functionality was eventually returned.
  • Twitter said it had no reason to believe the hackers had access to cleartext passwords and will not be resetting user passwords going forward.
  • However, attackers did view information such as email addresses and phone numbers for the targeted accounts.
  • A law enforcement investigation is already underway.
  • Twitter said it restricted the number of employees who can access to its internal tools following the attacks.

Updates will follow as Twitter learns more and shares with the public.

Last update: July 31, 2020.

Facebook's worst privacy scandals and data disasters

Editorial standards