Hackers accessed direct messages (DMs) for 36 of the 130 high-profile users whose accounts were hacked in an unprecedented account breach last week, Twitter confirmed Wednesday.
An elected official in the Netherlands was one of those whose DMs were compromised, the company tweeted in an update late Wednesday, as part of Twitter’s interest in sharing “more specifics about what the attackers did with the accounts they accessed.”
At this time, it appears that the Dutch official was the only government official (previous or current – Joe Biden and Barack Obama were also part of the original hack) whose private messages suffered that fate, the company said.
“To date, we have no indication that any other former or current elected official had their DMs accessed,” Twitter added.
The company also tweeted a clarification of a previous update on the hack, in which it said hackers downloaded an archive of “Your Twitter Data” from eight of the 130 accounts, adding that none of these were verified accounts. Twitter previously said that for the “vast majority” of compromised accounts, the unknown attackers were unable to access this private account information.
Twitter continues to “actively” work to contact account holders with updates as the situation unfolds, the company said. Indeed, more than a week later, the social media giant continues to scramble to piece together what led to the epic hijacking of accounts that it first revealed on July 15, as it learns more information about what actually happened.
On that day, the company said that Twitter accounts of elite users such as Bill Gates, Elon Musk, Apple and Uber were all hijacked at the same time to push a cryptocurrency scam.
Twitter immediately locked down thousands of verified accounts belonging to high-profile Twitter users and high-profile companies to try to prevent hackers from perpetrating the scam, which involved sending tweets from each of the hijacked accounts to promote a bogus advance-fee cryptocurrency deal, promising to double the value of Bitcoin currency sent to one specific wallet.
Eventually, Twitter revealed that there was a compromise of the company’s internal systems by a group of unidentified hackers; they managed to gain access to Twitter company tools and secured employee privileges to mount a widespread social-engineering attack.
At the time, one security researcher called the incident “100-percent unprecedented”: “We have never seen such a large and simultaneous number of Twitter accounts hijacked at the same time,” Satnam Narang, staff research engineer at Tenable, told Threatpost.
Since then there has been widespread speculation and reported evidence about who may be behind the hack, but no solid conclusions.
Some of the strongest evidence about the potential perpetrators was published in a number of reports pointing to the sale of Twitter account access by hackers obsessed with so-called “OG handles,” which are short-character profile names that confer a measure of status and wealth in certain online communities.
Another plausible theory also emerged: that screenshots of Twitter’s internal tools appeared on underground forums ahead of the attacks due to a bribe of a lone rogue Twitter employee, but Twitter later refuted this claim.
At this time the FBI is said to be taking the lead in the investigation due to the massive privacy, legislative and business ramifications of the incident.
In the wake of the DM revelations, Fight for the Future has launched a new effort calling for the company to implement default end-to-end encryption on DMs.
“Given that Twitter is especially popular with journalists and activists speaking out against repressive governments, we think it’s fair to say that DMs leaking en masse could put people’s lives at risk,” a Fight for the Future spokesperson told Threatpost. “iMessage, WhatsApp, Signal, and heck, even Facebook offer end-to-end encryption. Twitter needs to follow suit ASAP.”