Twitter continues to inform users about its investigation into a massive security breach two weeks ago when hackers seized control of the celebrity accounts of Joe Biden, Kim Kardashian, Bill Gates and dozens of other A-listers.
The San Francisco-based social networking service and the FBI are investigating the worst cyberattack in Twitter’s 14-year history, as hackers commandeered more than 100 high-profile accounts.
The July 15 attack “relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter said on its blog.
The company followed up with a tweet. “By obtaining employee credentials, they were able to target specific employees who had access to our account support tools.”
On Thursday (July 30), Twitter said that of the 130 accounts targeted in the operation, tweets were sent out from 45 accounts. The hacked accounts included Apple, Elon Musk and Jeff Bezos, while three dozen DM inboxes, which allow users to send a direct message to anyone on Twitter, were accessed. In addition, hackers downloaded undisclosed “Twitter Data” from seven accounts, the company said.
The cybercriminals asked followers to send bitcoin to a single wallet. The scammers made off with about $100,000.
Since the attack, Twitter said it has limited access to internal tools and systems to ensure ongoing account security while the investigation is completed.
As a result, some features, such as Your Twitter Data, have been impacted.
“We will be slower to respond to account support needs, reported Tweets, and applications to our developer platform,” the blog noted. “We’re sorry for any delays this causes, but we believe it’s a necessary precaution as we make durable changes to our processes and tooling as a result of this incident.”
The attack drew the attention of lawmakers.
Senator Josh Hawley (R-Missouri) wrote to Twitter CEO Jack Dorsey seeking a fuller explanation of how cybercriminals managed to get through Twitter’s two-factor authentication.
“I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” he wrote. “As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service. A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”