Twitter Says Hackers Targeted Employees Into Giving Them Credentials That Led to Security Incident

In a blog post Saturday, Twitter detailed a recent hack that affected many prominent users. The company explained that hackers were able to breach the company's security by targeting employees to gain credentials.

As previously reported, a number of prominent figures on Twitter were targeted Wednesday as part of a cryptocurrency scam. Accounts for Elon Musk, Joe Biden, Jeff Bezos, Bill Gates and others were compromised in the hack.

According to the blog, hackers used a "social engineering scheme" to get credentials from employees to access internal systems and get past the two-factor authentication process.

The company explained that it understands that 130 accounts were targeted, and attackers managed to reset passwords, log in, and tweet for 45 accounts. Twitter also said that data was downloaded from up to eight unverified accounts using the "Your Twitter Data" tool.

"We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames," according to the blog post.

There is a lot of speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts.

— Twitter Support (@TwitterSupport) July 18, 2020

Twitter also explained the actions taken to secure the compromised accounts since learning about the attacks on Wednesday. "Our incident response team secured and revoked access to internal systems to prevent the attackers from further accessing our systems or the individual accounts," the company wrote.

The company said that stopping accounts from tweeting and changing passwords was an effort to keep the hackers from spreading the cryptocurrency scam. It said that most users who had been locked out were able to use their accounts late on Wednesday. As of Saturday, most accounts that were locked due to recent password changes were restored.

Hackers gained access to email addresses and phone numbers for some of the compromised accounts, but were not able to see old account passwords. Twitter is still investigating the attack to see if additional information was available to the hackers.

"In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing," the blog post explained.

Twitter said that it would continue working to restore compromised accounts and continue its investigation into the attack. Besides those steps, the company also said that it would work to further secure its systems to prevent future attacks and introduce company-wide training to protect against social engineering schemes like the ones that led to this hack.

The company concluded the blog post with an apology to users.

"We're acutely aware of our responsibilities to the people who use our service and to society more generally. We're embarrassed, we're disappointed, and more than anything, we're sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice. We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right."

Newsweek reached out to Twitter for comment, but did not receive a response in time for publication.
