Twitter revealed on Wednesday that the hackers who had taken over the accounts of approximately 130 people in an apparent bitcoin scam were also able to access direct messages.
Twitter said that the hackers had targeted the direct message inboxes of 36 accounts, including that of a Dutch elected official. Direct messages are identical to mobile text messages, which are normally considered private. The disclosure may cause users to lose confidence in the ability of the service to prevent outsiders from reading confidential messages.
NOTABLE KEY POINTS
- Twitter said 36 of the 130 overall compromised users had their direct message inbox breached by the hackers.
- The organization said one elected official in the Netherlands had their direct communications compromised, but said it believes the communications of no other current or former elected official were obtained.
- The Dutch politician was not identified by Twitter, although the Wall Street Journal confirmed that Geert Wilders, who is considered to be an Islamophobic “Dutch Donald Trump,” was allegedly a victim.
- Hackers took over the accounts of scores of high-profile personalities last week, including Michael Bloomberg, Warren Buffett, and Elon Musk, to tweet a complex bitcoin scam.
Twitter's disclosure on Wednesday complicates an already ambiguous picture of who the hackers were and what they were after.
Among other prominent figures, the hackers were able to tweet from the accounts of Democratic presidential nominee Joe Biden, former President Barack Obama and Tesla CEO Elon Musk.
While several of the most high-profile hacked accounts tweeted a scam calling for bitcoin, an analysis of cryptocurrency transactions found that the account listed by the hackers actually raised $121,000, which seems to be a small amount for such a historic hack, one that involved inside access to a major social network.
Twitter said it did not think the hackers had looked at the DMs of any other political official aside from the Dutch leader.
Nevertheless, direct communications from these accounts and other influential victims may include non-public information or images sent by or to major figures that could be exploited or marketed by the hackers at a later stage.
Last week Twitter said the attackers had accessed take-out information for eight accounts using the “Your Twitter Data” app.
There is a lot of speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts.
— Twitter Support (@TwitterSupport) July 18, 2020