It’s been a week since the massive hack that Twitter was subjected to, which mainly affected verified accounts of relevant characters and brands, from which a fraudulent campaign with cryptocurrencies was shared.
In addition to the information already known, new information was added that broadens the scope of this incident. Among those, the confirmation that this situation also affected the private messages of some accounts and even the complete archive of eight other unverified accounts stands out.
Recapping some details of this episode, a week ago began this real headache for Twitter.
After the appearance of a series of spam messages in dozens of verified accounts, from the social network confirmed that they were victims of an attack, using social engineering techniques applied to gain access to the administrative profiles of officials of the platform. The New York Times later confirmed that credentials for access to the Twitter administrative panel were obtained by hackers from an employee Slack channel.
With the passage of the days, it was confirmed that in total there were 130 accounts with which the attackers could interact, among which 45 suffered a password change.
Private messages committed to hacking
Updating the information shared after the uncovering of this episode, Twitter added to its statement a paragraph in which new information collected during the investigation into what happened with the aforementioned hack last week are detailed, providing more specific data.
According to the estimates discussed above, Twitter presumes that the attackers had access to the inbox of direct messages from 36 of the 130 accounts that were targeted during the attack, including a high-ranking elected official in the Netherlands, whose identity was withheld.
According to the above, there are currently no indications that in the midst of this hack another account of a public office of similar magnitude has been the victim of a violation of this type.
In response to press inquiries, Twitter declined to confirm or deny whether any of the 36 accounts were verified.
Twitter files downloaded after the attack
As with other social networks, Twitter users can download a file from their account, which contains almost all the material shared through the social short message network.
Out of the 45 verified accounts that shared fraudulent tweets after the attack and the aforementioned 36 accounts with the message tray compromised, eight other unverified accounts were attacked through another mechanism: downloading your Twitter files.
In addition to tweets, this file contains personal information about each account, such as their phone numbers, email addresses and also the direct message file. These records exclude passwords used.
On this point, Twitter has not revealed any further information. He has only emphasized that none of the accounts affected by this part of the incident is verified.
This attack, historic for Twitter, takes on new hues when it was confirmed that its scope was greater than expected after knowing the first information a week ago.
At the police level, in addition to the tracking work done internally on the social network, the FBI is investigating this case from its office in San Francisco, in the United States where Twitter has its headquarters.
During the course of this investigation, Twitter has been constantly publishing news through its support account, in order to provide the greatest possible transparency and thus reduce speculation.
