Largest Twitter Hack in History Steals 8 Profiles’ DMs

About 8 Twitter profiles had their private direct messages downloaded during the biggest hack in the firm’s history to date. Accounts taken to hold a Bitcoin-related attack included those from President Barack Obama, Tesla CEO Elon Musk, and Kanye West.

Other famous victims included presidential candidate Joe Biden, Amazon CEO Jeff Bezos, and Apple.

The company confirmed the possible retrieval in a Tweet that said the attackers might have taken personal information, as well. These include phone numbers and email addresses for the corresponding account owners.

According to its Support team’s Tweet, they were able to access this through Twitter’s “Your Twitter Data” tool.

It didn’t mention which account’s DMs the hackers took, but Twitter also claimed that none of the 8 accounts were high-profile. To prove this, the firm said that none of the eight were Verified.

If downloaded, the Your Twitter Data archive shows DMs, even if you had already deleted them. The data included could also hold personal information like locations and media you attached to those DMs.

That said, there’s still a pressing possibility that they might have seen the DMs instead. The support team confirmed that they might have been able to do so. The fact that the site also allows logged-in users to see location history is a double-edged sword.

After initially targeting 130 accounts, the hackers successfully logged into and tweeted from 45 of them. Twitter’s support team hasn’t said how many accounts they actually searched for personal information.

Twitter Apologized

During the hack, these attackers successfully tweeted to tell their followers to invest in a Bitcoin scam. The hacked accounts offered to send $2,000 for every $1,000 sent to the address they had stated.

Previous reports claimed that the people behind the attack appeared to come from the “OG” community. Their original intentions were to capture accounts with small character counts.

Based upon updates from the cybersecurity firm 221B, there was a combination of financial incentives and “technical” bragging rights. Furthermore, chief research officer Allison Nixon said it was to cause disruption.

The OG community isn’t known to be tied to any nation-state, Nixon said. They are a disorganized crime community with a basic skill set.

Nixon’s statement highlighted a massive flaw in Twitter’s services where millions of people reside. In a blog post a couple of days ago, the firm had published a blog post to apologize for the matter.

In said post, the firm claimed they were embarrassed, disappointed, and more than anything, they were sorry. The microblogging giant said it will work to regain the trust and support with efforts to bring the perpetrators to justice.

Further Theories about the Hack

The realization that Twitter’s own internal employee tools were used to facilitate the takeovers prompted many in-market theories. The company went so far as to confirm that these hackers manipulated employees and used their credentials for the hack.

Recently, researchers found separate hacks showing a five-hour video from Iranian attackers wiping out data from hacked email accounts. They even offered tips for people to do the same.

Meanwhile, some investigators found Russian hackers targeting Covid-19 research.

These two, well-acquainted with the attack cited, a hacker named “Kirk” who might have gained access via a Slack account. More specifically, one from a Twitter admin.

Even the Federal Bureau of Investigation is on the matter. Twitter also plans to keep updating users about the ongoing investigation.