"We believe that approximately 130 accounts were attacked as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send tweets from them," the company says.
Twitter has confirmed that approximately 130 accounts on the social network were affected by the largest security incident in the platform's history. The verified accounts of Microsoft co-founder Bill Gates, former U.S. President Barack Obama and Tesla CEO Elon Musk, among others, were hacked into to conduct crypto-currency scams.
The hack caused verified accounts to display a message urging followers to click on the attached link and make a donation in bitcoins.
"We believe that approximately 130 accounts were attacked as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send tweets from them," Twitter said.
The company has said it is working with the owners of the affected accounts and analyzing whether private data related to the accounts has been compromised.
For all users of the platform, downloading data from Twitter "is still disabled as we continue this investigation. The network is taking steps to "secure our systems.
Twitter acknowledges that its internal systems were compromised by hackers, as the cyber attack could not have been carried out without access to company tools and employee privileges.
The company limited the functions of several accounts, as well as all verified accounts, even those that did not appear to have been compromised. And it blocked the affected accounts, and will only restore access to their owners "only when we are sure we can do so safely.
According to estimates from the cybersecurity company Kaspersky, "in just two hours", at least 367 users transferred around $120,000 to the attackers.
Check Point Analysis
Eusebio Nieva, Check Point's technical director for Spain and Portugal, comments that "this is not the first time that the company's employees have compromised the privacy of users, or that they have been responsible for the disclosure of confidential data". CEO Jack Dorsey's own account was exposed a few months ago after his phone number was stolen in a SIM Swapping attack. A year ago, two employees were accused of misusing their access to internal Twitter resources and helping Saudi Arabia spy on government opponents living abroad.
"Although Twitter has not yet shared all the details of this incident, we can see that on previous occasions the result has been the same, even if the source of the security breach was different. Whether it is disgruntled employees or custom-made social engineering attacks, the real problem is the great difficulty in limiting access to internal resources and preventing them from becoming a security breach," the expert says.
"However, this time it seems that Twitter is taking measures to prevent this type of incident from happening again in the future, making tools like the one presumably used in this attack less accessible. This new Twitter incident shows that, in today's world, in which more and more data is being lost, companies are obliged to take the necessary measures to ensure the protection of confidential employee and customer data, legal documents, etc. All of them are exposed daily to unwanted third parties, so they are at risk", underlines Eusebio Nieva.