Twitter says hackers downloaded data from up to 8 accounts

The data could have included direct messages and other information. Twitter said these accounts weren't verified.

Queenie Wong Former Senior Writer
Queenie Wong was a senior writer for CNET News, focusing on social media companies including Facebook's parent company Meta, Twitter and TikTok. Before joining CNET, she worked for The Mercury News in San Jose and the Statesman Journal in Salem, Oregon. A native of Southern California, she took her first journalism class in middle school.
Expertise I've been writing about social media since 2015 but have previously covered politics, crime and education. I also have a degree in studio art. Credentials
  • 2022 Eddie award for consumer analysis
Sareena Dayaram Senior Editor
Sareena is a senior editor for CNET covering the mobile beat including device reviews. She is a seasoned multimedia journalist with more than a decade's worth of experience producing stories for television and digital publications across Asia's financial capitals including Singapore, Hong Kong, and Mumbai. Prior to CNET, Sareena worked at CNN as a news writer and Reuters as a producer.
Expertise Huawei, Oppo, smartphones, smartwatches Credentials
  • More than a decade of journalism experience
Queenie Wong
Sareena Dayaram
3 min read
Angela Lang/CNET

Twitter said late Friday that hackers who hijacked the accounts of high-profile users including former US President Barack Obama and Microsoft founder Bill Gates to tweet out a bitcoin scam this week also downloaded the data from up to eight accounts.

The company didn't identify who owned the accounts but said those users weren't verified. Obama, Gates and other prominent users such as Tesla CEO Elon Musk and rapper Kanye West who had their accounts compromised have verified Twitter accounts. When users download their Twitter data, it includes direct messages, photos, videos, an address book and other information.

"In cases where an account was taken over by the attacker, they may have been able to view additional information," Twitter said in a blog post Friday night. "Our forensic investigation of these activities is still ongoing."

Politicians and cybersecurity experts have raised concerns in the wake of the widespread hack that the direct messages of some of the most powerful people in the world could have been accessed during the attack on Wednesday. If there's sensitive information in these messages, hackers could use it for blackmail or ransomware. Twitter's direct messages aren't end-to-end encrypted, which would've prevented employees from reading the private messages.

On Thursday, Twitter said it believes that hackers targeted the Twitter accounts of 130 users. Twitter said Friday that hackers were able to reset the passwords of 45 accounts, giving them the ability to log in to the accounts and tweet. The attackers may have tried to sell some of the usernames as well.

The company said it believes the attackers weren't able to view a user's previous passwords. They were able to view personal information, including email addresses and phone numbers, Twitter said.

Twitter declined a request for a full list of the targeted accounts in light of its ongoing investigation, in which it's "continuing to assess whether non public data related to these accounts was compromised."

Though Twitter has faced the problem of cryptocurrency scams in the past, the size of Wednesday's attack is unusual, casting a spotlight on the potential security vulnerabilities of the popular social media platform. Twitter said it thinks that attackers were able to bypass account security protections such as two-factor authentication after they "successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems." The company didn't say if the employees were tricked into handing over these credentials or were bribed.

On Wednesday, the accounts of dozens of internationally famous figures spanning tech, politics and entertainment posted similar tweets soliciting donations via Bitcoin . Apple, Uber and other businesses were also caught up in the sprawling hack. 

"Everyone is asking me to give back, and now is the time," a now-deleted tweet from Gates' account said, pledging to double all payments to a Bitcoin address for the next 30 minutes.


This is the scam tweet sent from Bill Gates' account. (The Bitcoin address has been removed from this screenshot.)

Screenshot by Ian Sherr/CNET

"I'm feeling generous because of Covid-19," Musk's tweet said. "I'll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!" All the tweets were subsequently deleted, and verified Twitter accounts, those with a blue check, were temporarily silenced.

In addition to Twitter's investigation, the FBI has also announced the launch of a probe into the hacking incident.