Twitter said late Friday that the hackers who hijacked the accounts of high-profile users, including former US President Barack Obama and Microsoft founder Bill Gates, to tweet out a bitcoin scam this week also downloaded the data of up to eight accounts.
The company didn't identify who owned the accounts but said those users weren't verified. Obama, Gates and other prominent users such as Tesla CEO Elon Musk and rapper Kanye West who had their accounts compromised have verified Twitter accounts. When users download their Twitter data, it includes direct messages, photos, videos, an address book and other information.
"In cases where an account was taken over by the attacker, they may have been able to view additional information," Twitter said in a blog post Friday night. "Our forensic investigation of these activities is still ongoing."
Politicians and cybersecurity experts have raised concerns in the wake of the widespread hack that the direct messages of some of the most powerful people in the world could have been read during Wednesday's attack. If those messages contain sensitive information, the hackers could use it for blackmail or extortion. Twitter's direct messages aren't end-to-end encrypted; if they were, neither Twitter employees nor anyone who gained access to Twitter's internal tools would have been able to read the private messages.
On Thursday, Twitter said it believes that hackers targeted the Twitter accounts of 130 users. Twitter said Friday that hackers were able to reset the passwords of 45 accounts, giving them the ability to log in to the accounts and tweet. The attackers may have tried to sell some of the usernames as well.
The company said it believes the attackers weren't able to view a user's previous passwords. They were able to view personal information, including email addresses and phone numbers, Twitter said.
Twitter declined a request for a full list of the targeted accounts in light of its ongoing investigation, in which it's "continuing to assess whether non-public data related to these accounts was compromised."
Though Twitter has faced cryptocurrency scams before, the scale of Wednesday's attack is unusual, casting a spotlight on the security weaknesses of the popular social media platform. Twitter said it thinks the attackers were able to bypass account security protections such as two-factor authentication after they "successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems." Two-factor authentication guards the normal login path; it offers no protection when an attacker using internal account-management tools can simply reset an account's password, which Twitter says happened to 45 accounts. The company didn't say whether the employees were tricked into handing over these credentials or were bribed.
On Wednesday, the accounts of dozens of internationally famous figures spanning tech, politics and entertainment posted similar tweets soliciting donations via Bitcoin. Apple, Uber and other businesses were also caught up in the sprawling hack.
"Everyone is asking me to give back, and now is the time," a now-deleted tweet from Gates' account said, pledging to double all payments to a Bitcoin address for the next 30 minutes.
"I'm feeling generous because of Covid-19," Musk's tweet said. "I'll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!" All the tweets were subsequently deleted, and verified Twitter accounts, those with a blue check, were temporarily silenced.
In addition to Twitter's investigation, the FBI has also announced the launch of a probe into the hacking incident.