- Twitter is still piecing together information about a massive hack last week that compromised 130 accounts and ground the site to a halt for hours.
- The hack’s unprecedented scope initially gave rise to theories that it was carried out by a sophisticated nation-state actor, but it now appears it was conducted by young, less-experienced hackers.
- New details about the scope of the hack came to light over the weekend, with Twitter disclosing that hackers also stole data from eight of the compromised accounts.
- Meanwhile, lawmakers, cybersecurity experts, the FBI, and current Twitter employees are still trying to piece together exactly what happened.
- Visit Business Insider’s homepage for more stories.
As the dust settles from one of the biggest hacks in Twitter’s history last week, investigators inside and outside the company are still trying to understand what happened.
The hack compromised some of the most prominent accounts on Twitter last Wednesday, including Barack Obama, Kim Kardashian, Bill Gates, and Elon Musk. The compromised accounts repeatedly posted fraudulent messages urging people to send bitcoin to a specific address. After more than two hours of mayhem, Twitter stopped the messages by blocking all verified accounts from posting tweets. But damage to the company’s reputation was already done, and Twitter saw $1.3 billion in market value wiped out in premarket trading the next day.
Twitter disclosed new findings about the hack in a blog post published over the weekend. It said that 130 accounts were accessed by the hackers in total, and added that the perpetrators downloaded data from eight of those accounts.
“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry,” the company said in the blog post Saturday. “We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice.”
But Twitter has not yet publicly identified who might have been behind the hack. It’s now the subject of investigations launched by the FBI and New York State regulators. Congressional lawmakers have also sent questions to Twitter demanding more information about the nature of the attack.
Looming unanswered questions include how the hackers gained access to the Twitter accounts, the hackers’ motives, and whether Twitter has patched the vulnerabilities in question. Hackers appear to have pilfered over $100,000 through bitcoin sent to the wallet linked in the fraudulent tweets, but cybersecurity experts noted that hackers could have leveraged far more money if they had used compromised accounts in other ways, like playing the stock market. Experts have also questioned whether another attack could be imminent.
How the hack might have happened
Theories are still swirling about the specifics of the hack, but a few central facts have come into focus in the days that followed.
For one, it seems clear that hackers took over the accounts after gaining access to an internal dashboard meant for Twitter employees. The tool, the existence of which was first reported by Motherboard, apparently allowed hackers to take over accounts by changing their associated email addresses without notifying their owners.
And screenshots obtained by security researchers and shared with Business Insider show people discussing the internal tools in hacker forums in the days leading up to the attack. One person posted in the forum claiming that they could change the email address of any Twitter account for prices ranging from $250 to $3,000.
Twitter said last week that hackers targeted Twitter employees with a “social engineering” scheme in order to gain access to the internal dashboard, but it’s not clear whether or not a Twitter employee was aware of hackers’ plans prior to the hack. Hundreds of Twitter employees have access to the tools in question, former employees told CNN.
Since then, reports have suggested that the people discussing the hacks on the forums were relatively unsophisticated hackers. The New York Times reported Friday that the hack was carried out by a group of young people, citing interviews with people involved in the hack. Security researcher Brian Krebs traced the identity of one of the forum posts to a 21-year-old British man who may have been involved in the hack.
It’s still unclear whether Twitter has adequately patched the vulnerability in order to prevent a similar hack in the future. Twitter said its “next steps” include securing its systems and rolling out company-wide training to guard against social engineering schemes, and the company promised transparency as investigations into the hack continue.
“Through all of this, we also begin the long work of rebuilding trust with the people who use and depend on Twitter,” the company said.
Are you a Twitter employee with insight to share? Contact this reporter at (706) 347-1880 or email@example.com, using a non-work device. Open DMs on Twitter at @aaronpholmes. You can also contact Business Insider securely via SecureDrop.