Twitter said it was working with law enforcement investigating the attack.
Photo: David Paul Morris/Bloomberg NewsTwitter Inc. TWTR 1.50% said the hackers behind this week’s attack on its systems and high-profile users walked away with some personal information, indicating that the perpetrators carried out more than a cryptocurrency-related scam.
In its fullest accounting so far of the hack, Twitter said late Friday the attackers targeted 130 accounts and reset passwords on 45 of those, enabling them to send tweets. Many of those posts encouraged Twitter users to transfer cryptocurrency to what appeared to be the attackers’ accounts.
The hackers also downloaded personal data of up to eight Twitter users whose accounts were compromised Wednesday. Twitter didn’t identify the affected users, whose personal messages transmitted via the platform may have been downloaded by the hackers.
Twitter said the data downloads didn’t occur on any of its so-called verified accounts, for which it takes extra measures to link the name to users. Some of the highest-profile victims in the attack, including Joe Biden, Bill Gates and Elon Musk, have verified accounts, which are indicated on the platform by a blue check mark.
Twitter said that the attackers accessed the accounts by manipulating a small number of employees to carry out unspecified actions and divulge confidential information. The hackers were then able to access tools only available to the company’s internal support teams using these employees’ credentials. It didn’t specify how its staff was manipulated.
The company said the attackers were able to view personal information like email addresses and phone numbers via these tools. They may also have attempted to sell some of the usernames of the compromised accounts, Twitter said. In the 45 cases where accounts were taken over, including some verified accounts, the company said the perpetrators may have been able to view other information, too. Twitter said it was still investigating the attack.
In the cases where the hackers downloaded users’ personal data, they may have accessed personal messages using a tool Twitter provides to users to download such information. The company has since suspended users’ ability to use the tool.
The San Francisco-based social-media company said it was working with law enforcement investigating the attack. The Federal Bureau of Investigation and New York’s Department of Financial Services have launched probes. The attackers received over 510 payments totaling more than $120,000 from the scam, according to blockchain analysis company Chainalysis Inc.
Twitter is still grappling with the fallout of the attack, trying to restore accounts that were locked. The company said it was also putting stronger protections around its systems and that it would better train staff not to fall victim to scams.
Pressure on Twitter and how it runs the platform has intensified this week. Republican Sen. Josh Hawley of Missouri wrote a letter Friday to Twitter Chief Executive Jack Dorsey asking for further information about the hack, including whether the company in the past had considered more stringent access control measures and, if so, why it had decided not to implement them.
“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry,” Twitter said in Friday’s statement.
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8
Business - Latest - Google News
July 18, 2020 at 01:20PM
https://ift.tt/32w1eLq
Twitter Says Hackers Downloaded Some Users’ Personal Data in Recent Attack - The Wall Street Journal
Business - Latest - Google News
https://ift.tt/2Rx7A4Y
Bagikan Berita Ini
0 Response to "Twitter Says Hackers Downloaded Some Users’ Personal Data in Recent Attack - The Wall Street Journal"
Post a Comment