Twitter hack: Direct messages from 36 users are also compromised

For this purpose, the cybercriminals take control of the accounts in question. An elected official in the Netherlands is also affected. Since Twitter does not use end-to-end encryption for direct messages, it is in plain text on Twitter’s servers.

Twitter has released new insights into the recent hacking attack on the short message service, which has compromised numerous corporate and celebrity accounts. The company confirmed that the unknown perpetrators also accessed direct messages from a total of 36 accounts – a fear that the Electronic Frontier Foundation had previously voiced.

Hackers (Image: Shutterstock)“We believe that up to 36 of the 130 compromised accounts had attackers with direct mail access, including an elected official in the Netherlands,” the company said your own support account With. “So far, we have no evidence that direct messages from other former or current elected officials have been accessed.”

In addition, Twitter made it clear that the hackers had taken control of the accounts of the 36 Twitter users in question and were taking this opportunity to read messages in their inbox. In addition, they are not the eight affected, for whom an archive of all account data has been downloaded using the “Your Twitter data” tool. However, the direct messages from these users – all owners of non-verified accounts – would also have come into the hands of the cybercriminals.

The Electronic Frontier Foundation had already pointed out last week that direct messages are usually the most confidential form of communication between Twitter users. The company still does not offer end-to-end encryption for this communication. In the event of a hacker attack, they are therefore unprotected. In addition, Twitter CEO Jack Dorsey announced this security function two years ago, but has not yet implemented it.

Twitter reiterated that its investigation is ongoing. It is therefore not out of the question that the company will have to grant further data loss in the coming days.

So far, it is known that the backers of the attack captured access data from Twitter employees for internal systems via social engineering. This gave them access to at least 130 accounts on July 15. With 45 accounts, they reset the passwords to take complete control of those accounts and start Bitcoin fraud.

This brought the hackers around $ 120,000. However, several cryptocurrency exchanges, especially Coinbase, blocked the Bitcoin address given by the hackers in the fake tweets very promptly. This prevented around 1,000 Coinbase users from sending 30.4 bitcoins with a value of around $ 280,000 to the hackers.

To new heights with SkySQL, the ultimate MariaDB cloud

In this webinar we will introduce SkySQL to you, explain the architecture and explain how it differs from other systems Amazon RDS on. You will also get an insight into the product roadmap, a live demo, and how to get SkySQL up and running in minutes.

Leave a Reply

Your email address will not be published. Required fields are marked *