Skip to main content

Twitter says up to 8 accounts had all their data downloaded during its giant hack suggesting the hackers were after more than just Bitcoin

* Twitter gave an update late on Friday on its investigation into the highly visible hack of dozens of verified accounts on Wednesday. * Twitter said 130 accounts were targeted, of which 45 had their passwords reset and tweets sent by the hackers. * Up to eight accounts also had their data fully downloaded by the hackers. None were Verified accounts, the company said. * Visit Business Insider's homepage for more stories. The hackers who hijacked dozens of high-profile Twitter accounts this week may have had a second, less visible purpose. The hack took place on Wednesday when the hackers successfully gained access to accounts belonging to public figures, including Barack Obama, Joe Biden, Elon Musk, Bill Gates, and Kim Kardashian, as well as some company accounts like Apple and Uber. Hijacking these accounts, the hackers tweeted out a Bitcoin scam, asking followers to send Bitcoin to a specific wallet address and promising to send back double the amount. Twitter said on Friday that it believed 130 accounts were affected by the hack, and that only a "small subset" actually tweeted anything. Later that same day in a blog post, Twitter offered some more detail. "As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets," Twitter said. But sending tweets to a Bitcoin scam doesn't appear to have been the hackers' only objective. Out of the 130 compromised accounts, Twitter says up to eight had their data fully downloaded by the hackers using the "Your Twitter Data" tool, allowing users to download all the data relating to their account, including their private messages. Twitter said none of these eight accounts were verified, suggesting they may not have been any of the high-profile celebrity or company accounts that tweeted links to the Bitcoin scam. However, some of the hijacked accounts were popular but unverified accounts (e.g. the popular @TheTweetOfGod). Twitter gave no details on which accounts these were or what they might have in common. Numerous reports have linked the attack with a community of hackers obsessed with so-called "OG" accounts with super-short Twitter handles. Cybersecurity journalist Brian Krebs reported that hours before the Bitcoin links started being tweeted on Wednesday, a handful of OG accounts, including "@6," were also hijacked. How did they do it Twitter also provided more detail about how the hackers managed to crack into its systems. Twitter said the hackers had managed to gain access to an internal company tool using a "coordinated social engineering attack," on Wednesday. Social engineering is a term which means hackers manipulate, trick, or convince their target to hand over access to a system, rather than technically hacking. "The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections," Twitter said in its Friday blog. It did not say how the employees were manipulated. On Thursday, Motherboard reported that a source who took part in the hack claimed the attackers paid a Twitter employee. In its blog, the company said it would be implementing extra training to guard against social engineering. Twitter says it is still investigating the attack and is working with law enforcement. The FBI is looking into the hack. The company said it is also restoring access to the account holders who were locked out while it sought to reestablish control of the situation. At least one affected account appears to have gone back to its owner, as Tesla's Elon Musk started tweeting again late on Friday. SEE ALSO: Twitter says 'social engineering' led to the massive hack that targeted high-profile accounts like Barack Obama and Jeff Bezos. Here's what the technique involves and how to avoid it. Join the conversation about this story » NOW WATCH: Why thoroughbred horse semen is the world's most expensive liquid
https://bit.ly/2WA6YQn

Popular posts from this blog

Apple has backed down in its latest developer fight, apologizing to WordPress after it pressured the website-builder to add in-app payments

* Apple has apologized after it tried to force WordPress to add in-app payment options to a free app. * WordPress' founder said on Friday that Apple was refusing to allow any updates to the WordPress iOS app until the website builder added in-app purchases, from which Apple takes a 15-30% commission. * Apple is in a fierce fight with developers including "Fortnite" maker Epic Games and Spotify over its rules on in-app purchases. * Visit Business Insider's homepage for more stories. Apple has backed down in its latest skirmish with a developer over its App Store rules. The tech giant on Sunday issued a rare apology to WordPress after it pressured the website builder to add payment options to its free iOS app, or else be blocked from updating. "We believe the issue with the WordPress app has been resolved," an Apple spokesman told The Verge. "Since the developer removed the display of their service payment options from the app, it is now a free st...

SpaceX has a 'go' from NASA to return 2 astronauts to Earth on Sunday as Hurricane Isaias threatens several Florida splashdown locations

* NASA on Saturday gave SpaceX a "go" to undock the company's first crewed space mission, called Demo-2, and land it on Sunday evening. * Hurricane Isaias complicated original plans to return two astronauts to Earth aboard SpaceX's Crew Dragon spaceship in the Atlantic Ocean. * Elon Musk's aerospace company may now try to splash down NASA astronauts Bob Behnken and Doug Hurley in the Gulf of Mexico. * Two out of seven total landing sites near Florida must have good weather conditions, and NASA has until about 5 p.m. ET on Saturday to call off the undocking. * Should the weather worsen, NASA and SpaceX can try again a day later or some other date over the next two months. * Visit Business Insider's homepage for more stories. Astronauts Bob Behnken and Doug Hurley have a "go" to return to Earth this weekend and wrap up an historic space mission for both NASA and SpaceX.  Behnken and Hurley launched to orbit aboard SpaceX's Crew Dragon vehic...

What an independent contractor actually is and how it's classified under California's Assembly Bill 5, the gig worker law Uber, Lyft, and others are fighting with a November ballot measure

* California's Assembly Bill 5 (AB5) went into effect in January, adopting a narrow definition of independent contractor that forces Uber and other gig economy businesses to choose between reclassifying workers as employees or risking significant liability for misclassification. * The law serves as a reminder to California businesses to be careful when classifying workers as contractors.  * Classifying independent contractors falls into two main categories: the "right to control" test (often called the "IRS test") and the tougher "ABC test" recently adopted in AB5. * Uber, Lyft, and DoorDash have recently poured $30 million into Proposition 22 — a ballot measure intended to exempt major ridesharing and food delivery companies from AB5. If California residents vote the measure into effect in November, Uber and Lyft can continue classifying drivers as contractors.  * Visit Business Insider's homepage for more stories. In September 2019, Californ...