Recently, on Saturday, there was a breach that was discovered by Twitter Inc., and they proclaimed that the threat actors had downloaded the account data and information of eight Twitter accounts that were used in the hack.
According to Twitter report the hackers were tailed and tweeted a cryptocurrency scam on account of all high-profile and verified accounts. But, Twitter declined to reveal all the identities of the accounts; that’s why they affirmed that all the accounts that were compromised are not “verified.”
This indicates that they did not have a blue tick to authenticate their ownership, and they don’t belong to the most high-profile hacked accounts.
Twitter also claimed that these anonymous attackers targeted nearly 130 accounts and were equipped to reset passwords to take authority of 45 of them and after that, they started tweeting from those hacked accounts. As per the security reports, hackers managed to enter Twitter’s internal systems to gain access to some of the platform’s top essential tools.
Hackers used the “Twitter Data” tool to download the account’s information; it’s a tool that allows the users to download their full summary of their Twitter account details and activity.
In this hack, they compromised some high profiles, which include former Vice President of the United States Joe Biden, former U.S. President Barack Obama, and billionaire Elon Musk. Here, the hackers manipulated them to approach cryptocurrency scam on their respective profiles.
According to Twitter Inc, the data that were involved in this breach was sensitive. A total of eight high profile accounts was involved in this breach, and here they are:-
- Barack Obama
- Elon Musk
- Joe Biden
- Kanye West
- Jeff Bezos
- Warren Buffett
- Cash App
What the Attackers Accessed
- The hackers successfully bypass two-factor authentication, but, they were not authorized to see the former account passwords, as those passwords were not stored in plain text or accessible by the tools utilized in the attack.
- The most critical data that the hackers could seize were all personal information, which includes email addresses and phone numbers, which are exposed to the users in the internal support tools. But, the digital money is anticipated to be divided into smaller amounts and operate through so-called “mixer” or “tumbler” services; thus, it makes it more difficult to trace it back.
- In case, if the attacker has taken the full access of any account, then they will be able to view further account details as well.
Moreover, Twitter was catching back some of the aspects of the attack, as they are continuing the investigation and repeated that it was already operating with influenced account owners.
In this event, thousands of followers and fans have lost more than $120,000 worth bitcoins to the CryptoForHealth account, that is used by the attackers.
Twitter said in its last statement that attackers “Maniupaltaed small number of employees” to gain access to the internal support tools utilized in the hack. But, the FBI’s San Francisco group is leading an inquiry into this hacking.