The night of July 15-16 was quite difficult for Twitter, as happened the biggest attack…
The cybercriminals used the access they had gained to top accounts to arrange a fake distribution of bitcoins.
“The scammers acted according to the classic scam scheme: on behalf of famous people and large companies, they asked to send them a small amount of cryptocurrency, promising to double and return any amount received,” said Twitter engineers.
Thus, the scammers “earned” about 13 BTC, or about $120,000.
However, Coinbase said the scammers would have stolen much more money if it hadn’t blocked transactions.
The company previously reported that the attack affected a relatively small number of accounts. The hack affected only 130 accounts, and 45 of them were successfully reset and compromised: the attackers posted fraudulent messages on behalf of these accounts.
For 8 more accounts, the attackers downloaded all available account content using the Your Twitter Data function. Interestingly, none of these 8 accounts were verified (they did not have a blue checkmark).
“Attackers separately reviewed private messages in 36 compromised accounts. One of these accounts belonged to an unnamed Dutch politician,” the company’s engineers now write.
Earlier, US Senator Ron Wyden and activists of the Electronic Frontier Foundation had already raised the question of why the social network has not yet implemented end-to-end encryption for private messages, although it was working on this functionality in 2018.
Also in an updated blog post, the company emphasizes that the attackers could not see previous account passwords, since they are not stored in clear text and are not available through Twitter’s internal tools used for the attack. On the other hand, the hackers were able to view users’ personal information, including email addresses and phone numbers, which are “visible” for some accounts using internal tools.
In addition, Twitter employees write that the hackers were probably trying to sell some of the stolen accounts. In particular, this concerned rare and valuable usernames, such as @6.