Skip to main content

Twitter says up to 8 accounts had all their data downloaded during its giant hack suggesting the hackers were after more than just Bitcoin

* Twitter gave an update late on Friday on its investigation into the highly visible hack of dozens of verified accounts on Wednesday. * Twitter said 130 accounts were targeted, of which 45 had their passwords reset and tweets sent by the hackers. * Up to eight accounts also had their data fully downloaded by the hackers. None were Verified accounts, the company said. * Visit Business Insider's homepage for more stories. The hackers who hijacked dozens of high-profile Twitter accounts this week may have had a second, less visible purpose. The hack took place on Wednesday when the hackers successfully gained access to accounts belonging to public figures, including Barack Obama, Joe Biden, Elon Musk, Bill Gates, and Kim Kardashian, as well as some company accounts like Apple and Uber. Hijacking these accounts, the hackers tweeted out a Bitcoin scam, asking followers to send Bitcoin to a specific wallet address and promising to send back double the amount. Twitter said on Friday that it believed 130 accounts were affected by the hack, and that only a "small subset" actually tweeted anything. Later that same day in a blog post, Twitter offered some more detail. "As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets," Twitter said. But sending tweets to a Bitcoin scam doesn't appear to have been the hackers' only objective. Out of the 130 compromised accounts, Twitter says up to eight had their data fully downloaded by the hackers using the "Your Twitter Data" tool, allowing users to download all the data relating to their account, including their private messages. Twitter said none of these eight accounts were verified, suggesting they may not have been any of the high-profile celebrity or company accounts that tweeted links to the Bitcoin scam. However, some of the hijacked accounts were popular but unverified accounts (e.g. the popular @TheTweetOfGod). Twitter gave no details on which accounts these were or what they might have in common. Numerous reports have linked the attack with a community of hackers obsessed with so-called "OG" accounts with super-short Twitter handles. Cybersecurity journalist Brian Krebs reported that hours before the Bitcoin links started being tweeted on Wednesday, a handful of OG accounts, including "@6," were also hijacked. How did they do it Twitter also provided more detail about how the hackers managed to crack into its systems. Twitter said the hackers had managed to gain access to an internal company tool using a "coordinated social engineering attack," on Wednesday. Social engineering is a term which means hackers manipulate, trick, or convince their target to hand over access to a system, rather than technically hacking. "The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections," Twitter said in its Friday blog. It did not say how the employees were manipulated. On Thursday, Motherboard reported that a source who took part in the hack claimed the attackers paid a Twitter employee. In its blog, the company said it would be implementing extra training to guard against social engineering. Twitter says it is still investigating the attack and is working with law enforcement. The FBI is looking into the hack. The company said it is also restoring access to the account holders who were locked out while it sought to reestablish control of the situation. At least one affected account appears to have gone back to its owner, as Tesla's Elon Musk started tweeting again late on Friday. SEE ALSO: Twitter says 'social engineering' led to the massive hack that targeted high-profile accounts like Barack Obama and Jeff Bezos. Here's what the technique involves and how to avoid it. Join the conversation about this story » NOW WATCH: Why thoroughbred horse semen is the world's most expensive liquid
https://bit.ly/2WA6YQn

Popular posts from this blog

'Is Twitch on Roku?': No, not anymore — here's how to watch Twitch on your TV without using Roku

* There's no official Twitch app for Roku devices anymore, although there used to be one. * If you still have the old Twitch app installed, there's a chance it'll still work, but it's unlikely. * If you'd like to watch Twitch on your TV, you're better off using another device like an Amazon Fire TV Stick or Chromecast. * Visit Business Insider's Tech Reference library for more stories. Twitch's acquisition by Amazon opened the door to some cool features, like Twitch Prime. However, the acquisition also means that now there's no way to watch Twitch on a Roku device — after all, Roku is one of Amazon's competitors. Twitch used to offer a fully featured app for Roku devices. If you try to download that app now, however, you'll be shown a message saying that the app has been shut down.  If you already had the app downloaded when it was shut down, it's likely that you can't use it anymore. And even if you can, there's going t...

How to send your location on Snapchat to your friends through the app's Snap Map feature

* You can send your location on Snapchat to a single friend or to several users in a group.   * To send a location on Snapchat, you'll need to visit your friendship history with a user and locate the "Send My Location" feature.  * Once you send a location on Snapchat to a friend, they can tap it and zoom in to see where you are.  * Visit Business Insider's Tech Reference library for more stories. Whether you want to share the location of your favorite restaurant or the address of your new apartment, you can easily send your location on Snapchat to your friends.  You can do this using the Snap Map and will even be prompted to select who you want to share you location with the first time you use the app feature. You can choose to share your location with your mutual friends, a list of friends with exceptions, or a small group of selected friends.  To send your location directly to a mutual Snapchat friend, you must visit your chat history through your friends li...

Apple has backed down in its latest developer fight, apologizing to WordPress after it pressured the website-builder to add in-app payments

* Apple has apologized after it tried to force WordPress to add in-app payment options to a free app. * WordPress' founder said on Friday that Apple was refusing to allow any updates to the WordPress iOS app until the website builder added in-app purchases, from which Apple takes a 15-30% commission. * Apple is in a fierce fight with developers including "Fortnite" maker Epic Games and Spotify over its rules on in-app purchases. * Visit Business Insider's homepage for more stories. Apple has backed down in its latest skirmish with a developer over its App Store rules. The tech giant on Sunday issued a rare apology to WordPress after it pressured the website builder to add payment options to its free iOS app, or else be blocked from updating. "We believe the issue with the WordPress app has been resolved," an Apple spokesman told The Verge. "Since the developer removed the display of their service payment options from the app, it is now a free st...