Days after the Twitter accounts of several billionaires were hacked to run a crypto scam, Twitter on Saturday said it is embarrassed, disappointed and, more than anything, sorry for what happened to some of its high-profile users. Attackers successfully manipulated its employees and used their credentials to access internal systems, including getting through the two-factor protections.
In the first detailed summary of the "social engineering attack" behind the crypto scam that hit at least 130 users this week, Twitter said that for 45 of those accounts, the attackers were able to initiate a password reset, log in to the account and send Tweets.
"We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames," the micro-blogging platform said in a statement.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account's information via the "Your Twitter Data" tool.
This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity.
"We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts," said Twitter.
The company said the attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
"Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools," Twitter said.
In cases where an account was taken over by the attacker, they may have been able to view additional information, Twitter added, saying its forensic investigation of these activities was still ongoing.
"We are actively working on communicating directly with the account-holders that were impacted."
The company said it will soon restore access for all account owners who may still be locked out as a result of the remediation efforts.
The New York Times reported on Friday that the Twitter crypto scam can be traced back to a group of hackers who congregate online at OGusers.com, a username-swapping community where people buy and sell coveted online handles.
The report said that the Twitter hack was not the work of Russian, Chinese or North Korean hackers but was carried out by a group of young people, "one of whom says he lives at home with his mother".