Twitter has finally published a complete blog post detailing the security incident that rocked its platform last week, one that involved the hijacking of several major accounts. According to the company, and as of July 17, Twitter’s investigation indicates that the hackers targeted select employees to get their credentials, which were then used to access the company’s internal systems.
A ‘small number’ of its employees were tricked into giving the hackers their credentials, Twitter said in its first proper blog post on the security incident. Social engineering was used to compromise the accounts, the investigation revealed, enabling the hackers to access internal support team tools. A total of 130 Twitter accounts were targeted as part of the hack, of which 45 were fully hijacked.
In addition to using many of the accounts to perpetrate a Bitcoin scam, Twitter says the hackers also targeted up to eight accounts to steal data. Using the ‘Your Twitter Data’ tool, the unknown individuals were able to download the accounts’ activity history and other account details. None of these accounts were verified, according to the company, but it didn’t specify which eight were impacted.
Beyond this, Twitter’s investigation indicates that the hackers ‘may have attempted to sell some of the usernames.’ The company locked down and took back control of the accounts shortly after the scam tweets went live; it has since restored access to restricted accounts and features, but the investigation continues. Twitter says it is limiting how much info it reveals at this time so that its investigation and security efforts aren’t affected.
The hackers weren’t able to view plaintext passwords, and the majority of users were not impacted by the hack. Of the 130 targeted accounts, however, Twitter notes that the hackers could see phone numbers, email addresses, and other info revealed by its internal tools. Of the 45 hijacked accounts, ‘they may have been able to view additional information,’ the company says.