Sponsored Links

Engadget

Ever since Wednesday’s “bitcoin scam” hack where attackers used Twitter’s internal tools to take over a number of high profile accounts, there’s been speculation about what they were truly after.

While tweets from hijacked accounts claimed to seek Bitcoin, the accounts accessed — and any others potentially accessed — could be far more valuable for the non-public information they contain, like linked address books and direct messages. As far as we know, that includes information for people like Joe Biden, Barack Obama, Elon Musk, Bill Gates and Warren Buffett, but those are only the ones we know about.

Late Friday night, Twitter confirmed that its investigation shows attackers exported the data on “up to eight of the accounts involved,” without specifying which ones (in a later tweet, the company indicated that none of the eight were Verified accounts). Of the 130 that it had previously said were targeted, Twitter now says the attackers performed a password reset and were able to access 45 of them, but did not specify why they may not have done so on the the others.

Multiple reports, including one on Friday afternoon from the New York Times, have featured accounts from posters on the “OGUsers” gray market forum where high-profile accounts are sometimes traded. By the accounts of their sources, an unknown person going by the name of “Kirk” claimed to be a Twitter employee and offered takeovers on any account, working at times via middle men, and collecting money via the same address advertised in the tweets. According to some of the customers and middlemen from the incident, they apparently believe Kirk access Twitter’s internal Slack channels, and found credentials for accessing its internal admin tools there.

According to Twitter’s own accounting of the incident “The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.”

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comments
165 Shares

Share

Tweet

Share