Details continue to slowly come out from Twitter around the troubling attack on Wednesday that allowed hackers to tweet a Bitcoin spam message from high profile accounts. Tonight, the company revealed that based on its investigation so far, “we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.”
A major question throughout has been whether hackers had access to DMs for accounts we know they compromised (Elon Musk, Bill Gates, Warren Buffett, Barack Obama, Joe Biden and others), or for ones that we don’t know about. Reports suggest whoever had access to its internal tools was prepared to use them days before the attacks started, and that they’d used them to take over other accounts before the spam messages popped up.
Twitter addressed that but did not answer it, saying “We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred.” Also, while users can reset their passwords again, for the time being, exporting your Twitter data is still disabled. We’ll let you know if any other updates come out from Twitter or the FBI.
We’re working with impacted account owners and will continue to do so over the next several days. We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred.— Twitter Support (@TwitterSupport) July 17, 2020
We have also been taking aggressive steps to secure our systems while our investigations are ongoing. We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can.— Twitter Support (@TwitterSupport) July 17, 2020