Sun, 19 Jul 2020 20:49:15
RakitAplikasi.com/en - On Friday night, Twitter released its first full blog post about what happened after the biggest security breach in the company's history, which led to attackers gaining access to some of the highest-profile Twitter accounts in the world, including Democratic presidential candidate Joe Biden, President Barack Obama, Tesla CEO Elon Musk, Microsoft founder Bill Gates, Kanye West, Michael Bloomberg, and many more.
The bad news: Twitter has now revealed that the attackers might indeed have downloaded the private messages (DMs) of up to 8 people while carrying out their Bitcoin fraud, and could see "personal information", including the telephone number and email address, for each account they targeted.
That's because Twitter has confirmed that the attackers tried to download the entire "Your Twitter Data" archive for these 8 people, which contains DMs among other information.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true. — Twitter Support (@TwitterSupport) July 18, 2020
They might even have DMs that those 8 people wanted to delete, given that Twitter stores DMs on its servers as long as one of the parties in a conversation keeps them there. We learned last February that you can retrieve deleted DMs by downloading the “Your Twitter Data” archive even if you have deleted them yourself. The archive can also include other personal information, such as your address book and all images and videos that you may have attached to those private messages.
The good news: Twitter claims none of the 8 accounts were verified users, indicating that none of the highest-profile individuals were targeted for a download of their data. Hackers may have seen their DMs, but Democratic presidential candidate Joe Biden and others might not have had their DMs taken directly.
Many questions and serious investigations still remain.
There is a lot speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts. — Twitter Support (@TwitterSupport) July 18, 2020
According to Twitter, the hackers targeted 130 accounts; managed to trigger a password reset, log in, and tweet from 45 of them; and only tried to download data for "up to eight" unverified accounts. We don't know how many accounts they scanned for personal information or how many DMs they might have accessed or read.
And for the larger collection of 130 accounts, including famous ones like Democratic presidential candidates, Twitter says the attackers might have been able to see other personal information. Twitter also lets logged-in users see a history of the locations and times of their logins, for example.
Twitter had previously confirmed that its internal employee tools were used to facilitate the account takeovers, and suspected that employees had fallen for a social engineering scam. Now the company goes further and says with certainty that attackers “successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.”