Twitter Hackers Took Personal Data From Celebrity Accounts

Twitter has provided a glimpse into its investigation of last week’s security breach, the worst in its 14-year history, as hackers commandeered more than 100 high-profile accounts.

“At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme,” the San Francisco-based microblogging service wrote on its blog over the weekend.

Twitter said the cyberattackers managed to manipulate a “small” number of employees’ accounts and used their credentials to access Twitter’s internal systems to divulge confidential information.

The breach targets included presumed Democratic presidential nominee Joe Biden, reality star Kim Kardashian, former President Barack Obama, Microsoft’s Bill Gates, entrepreneur Elon Musk and investor Warren Buffett.

On Musk’s account, a tweet appeared asking for bitcoin, promising to double all payments sent to an address.

The hackers used internal tools to target 130 Twitter accounts. Of that number, the attackers reset passwords, logged into the accounts and sent tweets from 45 of them.

“We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken,” Twitter wrote. “In addition, we believe they may have attempted to sell some of the usernames.”

The attackers downloaded account information through the “Your Twitter Data” tool for as many as eight of the Twitter accounts involved. The tool provides account owners with a summary of their Twitter activity.

While attackers were unable to see previous account passwords, they did capture personal information, including email addresses and phone numbers, and in some cases, hackers may have been able to view additional information.

Twitter said it learned of the attack on Wednesday (July 15) and locked down and regained control of the compromised accounts. The FBI has launched an investigation.

“Our incident response team secured and revoked access to internal systems to prevent the attackers from further accessing our systems or the individual accounts,” Twitter wrote.

As word of the hack spread on Thursday (July 16), the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) warned financial institutions of a high-profile scam exploiting Twitter accounts to try to obtain convertible virtual currency from account holders.

Twitter said for now it will not provide details on how it plans to fix the problem going forward.

“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry,” Twitter wrote. “We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice.”
