Twitter is removing images from the social network that could point to how attackers executed a major hacking spree on the platform. On Wednesday,of prominent users, including Barack Obama, Bill Gates, Elon Musk, Kanye West and Jeff Bezos, in order to promote a Bitcoin scam.
While Twitter hacks are nothing new -- the social network experiences frequent-- the repeated and singular theme of Wednesday's account takeovers suggest an effort beyond last August.
"Given that numerous high-profile Twitter accounts were compromised as part of this attack -- accounts that would presumably be protected by multifactor authentication and strong passwords -- it is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application," said Michael Borohovski, director of software engineering at the cybersecurity company Synopsys.
Twitter said that the attack came from hackers compromising one of its employee's accounts.
"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," Twitter said in a statement on Wednesday.
The company said it's investigating what other access the attackers had after getting their hands on Twitter's internal tools.
(For tips on how to secure your Twitter account, see this.)
Posters on a hacking forum for selling highly-desired Twitter handles on Wednesday displayed screenshots of Twitter's administrative panel, which showed internal details like the email addresses registered with accounts, when the account was last accessed and what phone numbers were tied to it. It also displayed the number of strikes logged against each account.
The screenshots were first reported by Motherboard and shared with CNET by a user on the forum.
"They forced me to delete the tweet and they gave me a 12-hour ban from tweeting or interacting with anyone on the website," the person who shared the screenshots said.
The images are being removed from Twitter for violating the website's rules because they show personal information, including the accounts' contact information.
The thread showing Twitter's internal tools has since been removed, according to the user. It's unclear how hackers were able to get screenshots of Twitter's internal tools.
"We don't know how long the attackers had access or the motives but they caused a substantial amount of distrust for the platforms security," Dave Kennedy, founder of cybersecurity company TrustedSec, said. "We don't know who was responsible or if this attack was the only portion of it. We hope twitter will be transparent in the investigation and who was behind the attacks."
Lawmakers are already demanding answers from the social network. Sen. Josh Hawley, a Republican from Missouri, sent a letter to Twitter requesting that he reach out to the Department of Justice and the FBI for help in the investigation.
The letter asks for Twitter to disclose if the hacking campaign was a breach of users or of Twitter's own internal systems.
"I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself," Hawley said. "As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service. A successful attack on your system's servers represents a threat to all of your users' privacy and data security."