The social media company also said the Twitter inbox of one elected official in the Netherlands had been accessed, but that there was "no indication that any other former or current elected official had their DMs accessed." It's unclear whether the attackers were able to compose and send messages to other users, in addition to being able to view direct messages.
The Twitter accounts of 130 users were targeted as part of a bitcoin scam last Wednesday, when hackers posted tweets soliciting donations via bitcoin after taking control of those accounts. The accounts targeted included dozens of internationally famous figures spanning politics, tech and entertainment.
Although Twitter has run into problems with cryptocurrency scams in the past, the scale of this hack appears unprecedented, drawing international scrutiny to the security vulnerabilities of one of the world's most popular social media platforms. Twitter declined a request for a full list of the targeted accounts, citing its ongoing investigation.
"Everyone is asking me to give back, and now is the time," read a tweet from Gates' account, which promised to double all payments to a Bitcoin address for the next 30 minutes.
A tweet from Tesla CEO, Elon Musk said, "I'm feeling generous because of Covid-19," Musk's tweet said. "I'll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!"
All tweets were subsequently deleted and verified Twitter accounts, those with a blue checkmark, were temporarily silenced as part of the company's initial responses to the hack. Still, the brazen hack along with Twitter's response have sparked fresh concerns from cybersecurity experts that social media platforms, which have become an increasingly important source of news and information, are unable to keep their operations secure.
Last Friday, Twitter disclosed that 45 accounts had tweets sent out by attackers and Amazon founder Jeff Bezos and rapper Kanye West, who had their accounts compromised, all have verified Twitter accounts. When users download their Twitter data, it includes photos, videos, an address book and other information -- and even direct messages, which means hackers have been privy to a total 44 Twitter inboxes.. Obama, Gates, Musk and other VIP users such as
Twitter believes that the attackers were able to circumvent security protections after they "successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems." The company didn't disclose if the employees were tricked into handing over these credentials or were bribed.
More than a thousand Twitter employees and contractors may have had access to the internal tools that could change account settings and hand over control to other people, Reuters reported. Access to accounts for national leaders was reportedly limited after a contract employee in 2017 .