News

Hackers stole private messages from 36 Twitter accounts

Twitter representatives continue to publish new data from the investigation of the massive attack that took place last week. The researchers report that hackers have stolen private messages from 36 Twitter accounts.

Let me remind you that as a result of the attack, were compromised accounts of many public people and large companies, including Bill Gates, Elon Musk, Jeff Bezos, Apple and Uber, the CoinDesk exchanges, Binance and Gemini, and so on.

The cybercriminals used gained access to the top accounts by arranging a fake distribution of bitcoins.

“The scammers acted according to the classic scam scheme: on behalf of famous people and large companies, they asked to send them a small amount of cryptocurrency, promising to double and return any amount received”, – said Twitter engineers.

Thus, the scammers “earned” about 13 BTC, or about $120,000.

However, CoinBase said the scammers would have stolen much more money if Coinbase hadn’t blocked transactions.

The company previously reported that the attack affected a relatively small number of accounts. The hack affected only 130 accounts, and 45 of them were successfully reset and compromised – the attackers posted fraudulent messages on behalf of these accounts.

For 8 more accounts, the attackers downloaded all available account content using the Your Twitter Data function. Interestingly, any of these 8 accounts were verified (did not have a blue checkmark).

“Attackers separately reviewed private messages in 36 compromised accounts. One of these accounts belonged to an unnamed Dutch politician”, – write now company engineers.

Earlier, US Senator Ron Weeden and activists of the Electronic Frontier Foundation have already raised the question of why the social network has not yet implemented end-to-end encryption for private messages, although it was working on this functionality in 2018.

Also in an updated blog post, the company emphasizes that attackers could not see previous versions of passwords from accounts, since they are not stored in clear text and are not available through Twitter’s internal tools used for the attack. On the other hand, hackers were able to view users’ personal information, including email addresses and phone numbers, which are “visible” for some accounts using internal tools.

In addition, Twitter employees write that the hackers were probably trying to sell some of the stolen accounts. In particular, this concerned rare and valuable usernames, such as, for example, @6.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

17 hours ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

17 hours ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

17 hours ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

17 hours ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

17 hours ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

17 hours ago