Technology
Twitter says hackers swiped user data during the ‘Verified’ hack
More and more has been coming out about the that went down on Wednesday. However, the latest update from Twitter itself is cause for concern.
In an update posted on Friday night, Twitter ran down what its internal investigation has discovered so far. One piece of previously unknown information: the hacker(s) downloaded the personal account data for up to eight of the accounts which they had access to.
I should make this clear up front: that data includes direct messages.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true.
— Twitter Support (@TwitterSupport) July 18, 2020
As rumors spread around the platform as to which eight accounts could have been targeted, Twitter released an additional clarification.
“There is a lot of speculation about the identity of these 8 accounts,” the company tweeted from its official @TwitterSupport account. “We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts.”
There is a lot speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts.
— Twitter Support (@TwitterSupport) July 18, 2020
This is a particularly startling revelation.
During the hack, verified accounts with millions of followers were tweeting out the same Bitcoin scam, urging users to send money to a Bitcoin address. The belief at the time was the person(s) behind the hack were simply trying to make a quick buck while seemingly inflicting as little long term damage as possible.
Imagine if someone with access to hundreds of high profile Twitter accounts wanted to ? Tank the economy? We were lucky it was only a silly Bitcoin scam that seemed to net the hackers around $100,000.
With the update about the downloaded data, that conversation changes. Why did the hackers download the data from these specific users? Were they targeted or chosen at random? How do the hackers plan to use this data? Why would they go after these unverified users when they had access to the direct messages and contact lists for some of the world’s most powerful politicians, celebrities, and tech moguls?
Twitter also confirmed in its Friday night update some details as to how the accounts were accessed and just how many users have been affected… that it knows about so far, at least.
As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.
— Twitter Support (@TwitterSupport) July 18, 2020
The company says the hackers gained entry to its internal tools, which appears to confirm the legitimacy of those admin panel screenshots that were passed around Twitter during the hack.
Twitter also says 130 Twitter accounts were targeted. We know of some of the big verified users who were affected such as Barack Obama, Elon Musk, Joe Biden, Bill Gates, Kanye West, Kim Kardashian, Jeff Bezos, and Apple and Uber’s official accounts.
The company said that hackers gained access to 45 of them via a password reset and, for a second time, reiterated that the passwords used on the accounts were not accessed.
This also seems to confirm an that came out when the @6 Twitter account was hacked and sold on the social media black market. The person who runs @6 for hacker Adrian Lamo, who passed away in 2018, shared what occurred when the account was stolen. He explained how the hackers were able to change the email address associated with the account and turn off two-factor authentication, all so they could change the Twitter account’s password and take over the @6 username.
From what we do know now, it still doesn’t seem like this was a state-sponsored attack. Part of the hackers’ focus on Wednesday was on stealing rare, short Twitter handles for resale purposes. That doesn’t seem like something a foreign government would be particularly interested in doing.
But the fact that the hackers took the time to save up to eight unverified users’ Twitter data definitely brings more questions than it does answers.
During the hack on Wednesday, Twitter briefly shut down all verified users’ ability to tweet in order to mitigate the issue. Unverified users had about it, noting how they were unaffected by the attack.
Now, some have to be wondering…am I one of the eight unverified users that these hackers stole data from?
-
Entertainment7 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment7 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment6 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent
-
Entertainment5 days ago
‘The Wild Robot’ and ‘Flow’ are quietly revolutionary climate change films
-
Entertainment5 days ago
Mars is littered with junk. Historians want to save it.
-
Entertainment6 days ago
CES 2025 preview: What to expect
-
Entertainment4 days ago
Should you buy the 2024 Kindle Paperwhite Signature Edition?
-
Entertainment3 days ago
Beyoncé’s Christmas halftime show on Netflix: What to know about the NFL event