Twitter Admits Hackers Accessed DMs of High-Profile Accounts
Twitter admitted today that last week’s hack of over 100 very high-profile accounts did in fact expose the direct messages of many of those accounts. This included an elected official in the Netherlands, Geert Wilders. The attack saw numerous popular accounts of celebrities and politicians taken over and used to tweet a Bitcoin scam.
Twitter said that a “coordinated social engineering attack” gave hackers “access to internal systems and tools.” Verified users were also briefly prevented from tweeting. In tweets and an update to its blog post on the incident, Twitter said that “for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox.” The company is also “actively working on communicating directly” with those accounts affected.
Twitter had declined to say in the immediate aftermath of the attack whether DMs had been accessed by the hackers. Twitter’s messaging system is infamously not well encrypted, but it was not clear whether the administrative tool reportedly used by the attackers offered access to inboxes.
No matter what method was used, it gave access to DMs some of the time, or perhaps the hackers simply didn’t avail themselves of the opportunity for the remaining 94 accounts they took over. It’s not really clear from Twitter’s announcement. Twitter has previously said that it has “no evidence” that passwords were accessed by the hackers, and nothing in the update contradicts that.
The company has attempted to put a silver lining on this cloud, saying it had “no indication that any other former or current elected official had their DMs accessed.” Considering the accounts of Barack Obama and Joe Biden were among those affected, that is technically good news. It is certainly possible that this is not the last we hear from Twitter on this security breach.