Twitter has released more information about the unprecedented hack that took place Wednesday, causing dozens of high-profile accounts to tweet about a bitcoin scam.
The incident saw the accounts belonging to Barack Obama, Jeff Bezos, Elon Musk, Bill Gates, Joe Biden and others compromised. The accounts then tweeted, in some cases repeatedly, about a bogus offer of returning double the number of bitcoins sent to a certain digital wallet. Over $110,000 in bitcoin was sent to the address in just a couple of hours, before Twitter regained control of the accounts.
- Data Breach Weekly Security Report
- Twitter's own tools used by hackers in massive bitcoin scam attack
Now, as the FBI and Twitter itself investigates what went wrong, the website says approximately 130 accounts were targeted by the attackers. The site said in a July 17 statement: "For a small subset of these accounts, the attackers were able to gain control of the accounts and then send tweets from those accounts."
Twitter added: "We're working with impacted account owners and will continue to do so over the next several days. We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred."
The company also said it had been taking "aggressive steps" to secure its systems while investigations are ongoing. "We're still in the process of assessing longer-term steps that we may take and will share more details as soon as we can.
The statement comes as reports claim an advert appeared on a gray internet market ahead of the hack, advertising access to individual Twitter accounts for $2,500. Evidence given to Reuters by Israeli cybersecurity company Hudson Rock showed an advert promising to provide the email address associated to a Twitter account of the buyer's choosing for $250, or access to the account for $2,500, paid in anonymous digital currency.
While alarming in its own right, the advert suggests the Twitter hack was the work of low-level members of the cybercrime world, rather than a more sophisticated and potentially dangerous state-backed operation.