Twitter has provided a glimpse into its investigation of last week’s security breach, the worst in its 14-year history, as hackers commandeered more than 100 high-profile accounts.
“At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme,” the San Francisco-based microblogging service wrote on its blog over the weekend.
Twitter said the cyberattackers managed to manipulate a “small” number of employees’ accounts and used their credentials to access Twitter’s internal systems to divulge confidential information.
The breach targets included presumed Democratic presidential nominee Joe Biden, reality star Kim Kardashian, former President Barack Obama, Microsoft’s Bill Gates, entrepreneur Elon Musk and investor Warren Buffett.
On Musk’s account, a tweet appeared asking for bitcoin, promising to double all payments sent to an address.
The hackers used internal tools to target 130 Twitter accounts. Of that number, the attackers reset passwords, logged into the accounts and sent tweets from 45 of them.
“We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken,” Twitter wrote. “In addition, we believe they may have attempted to sell some of the usernames.”
The attackers downloaded the account’s information through “Your Twitter Data” from as many as eight of the Twitter accounts involved. The tool provides account owners with a summary of their Twitter activity.
While attackers were unable to see previous account passwords, they did capture personal information, including email addresses and phone numbers, and in some cases, hackers may have been able to view additional information.
Twitter said it learned of the attack on Wednesday (July 15) and locked down and regained control of the compromised accounts. The FBI has launched an investigation.
“Our incident response team secured and revoked access to internal systems to prevent the attackers from further accessing our systems or the individual accounts,” Twitter wrote.
As word of the hack spread on Thursday (July 16) , the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) warned financial institutions of a high-profile scam exploiting Twitter accounts to try to scam convertible virtual currency from account holders.
Twitter said for now it will not provide details on how it plans to fix the problem going forward.
“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry,” Twitter wrote. “We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice.”