Twitter officials say hackers managed to download data from at least eight non-verified accounts during Wednesday’s attack.
In a blog update on Saturday, the social media platform says it is “embarrassed,” disappointed,” and “sorry” for the social engineering attack that saw hundreds of accounts taken over, some involving verified, globally influential users with millions of followers.
Twitter says the hackers successfully manipulated a small number of employees and used their credentials to access the company’s internal systems, including getting through the two-factor protections. They then used social engineering to target some of Twitter’s employees and gain access to 130 accounts including those of Barack Obama, Joe Biden, Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk.
Twitter says for 45 of those accounts, the hackers were able to initiate a password reset, login to the account, and send bogus tweets.
Twitter officials add while the attackers were not able to view previous account passwords, they were able to get access to personal information such as email addresses and phone numbers, and other “additional information” which was not specified.
“In addition, we believe they may have attempted to sell some of the usernames,” they said.
They added that up to eight of the Twitter accounts involved, the attackers managed to download the account’s information through the “Your Twitter Data” tool which provides a summary of the user’s account details and activity.
None of the eight were verified accounts, according to Twitter.
Publicly available records indicate the hackers received more than $100,000 worth of bitcoin during the course of the attack.
Twitter officials say they are unable to provide further any details at this time in order “to protect the security” of the investigation.
“We are continuing our investigation of this incident, working with law enforcement, and determining longer-term actions we should take to improve the security of our systems,” the company said in its update.
Officials added they are aware of the long work ahead in rebuilding trust with its users in the wake of the attack.
“We’re acutely aware of our responsibilities to the people who use our service and to society more generally. We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice.”
