Days after Twitter accounts of several billionaires were hacked to engineer a crypto scam, Twitter on Saturday said it is embarrassed, disappointed and, more than anything, sorry for what happened with some of its high-profile users as attackers successfully manipulated its employees and used their credentials to access internal systems, including getting through the two-factor protections.
In the first detailed summary of the "social engineering attack" via a crypto scam that hit at least 130 users this week, Twitter said for 45 of those accounts, the attackers were able to initiate a password reset, login to the account and send Tweets.
"We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames," the micro-blogging platform said in a statement.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account's information via "Your Twitter Data" tool.
This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity.
"We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts," said Twitter.
The company said the attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
"Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools," informed Twitter.
In cases where an account was taken over by the attacker, they may have been able to view additional information, Twitter added, saying its forensic investigation of these activities was still ongoing.
"We are actively working on communicating directly with the account-holders that were impacted".
The company said it will soon restore access for all account owners who may still be locked out as a result of the remediation efforts.
The New York Times reported on Friday that the Twitter crypto scam can be traced back to a group of hackers who congregate online at OGusers.com, a username-swapping community where people buy and sell coveted online handles.
The report said that the Twitter hack is not from Russian, Chinese or North Korean hackers but was done by a group of young people, "one of whom says he lives at home with his mother".
Comments
Joy Alukkas is world biggest company, even though its GOS Jesus christian follower company, i can see lots of negative from mulims in disguise of hindu names below. GOD Jesus christ bless Joy alukkas
Finally!!! Great job!
It is a mystery why the Saravana Group does not attract the attention of any agency.
Raid them thoroughly and destroy this nest of black money hungry snakes.
Tax raids were almost forgotten during the last 10 years of congress rule! Why? Same intelligence was there, but it was used to force the target to give donations to party fund.
Reliance Jewelers and Gujjus are not making good business. Time to raid these south Indian companies.
missionaries money. their family has three different groups.. one more gold loan group having more than 10000 branches in all over India, even they penetrated place like munger,jamalpur, gonda, like small towns.. Where ever they working they placed kerla Christian should be there and he/she is responsible & coordinator between local church authority & foreign donor/ conversion group.
Add new comment