Twitter Says Attackers Downloaded Account Information, Which Includes Direct Messages, From Some in Hack

Twitter has revealed that the hackers who targeted 130 accounts in an attack this week downloaded data, which includes direct messages, from eight of the targeted accounts.
Photo: Leon Neal (Getty Images)

Twitter has released new details about the hack heard round the world this week, which is apparently a massive scam that aimed to get users to send bitcoin to a random cryptocurrency wallet. It was carried out by targeting some of the highest profile accounts on the social media network, such as those belonging to Elon Musk, Jeff Bezos, Kanye West, Joe Biden and Barack Obama. Twitter has revealed that, besides asking for bitcoin, the attackers also managed to download account information, which includes direct messages, for up to eight of the 130 accounts targeted.


This doesn’t mean that we’ll suddenly see direct messages belonging to Musk, or to any of the other high-profile folk targeted, pop up online as a result of this hack. Those are verified accounts, and none of the eight accounts identified by the company were verified.

“For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our ‘Your Twitter Data’ tool,” Twitter said in a late night blog post on Friday. “This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.”

The company also revealed that for 45 of the 130 accounts targeted, attackers were able to initiate a password reset, log in to the account and send tweets. Twitter believes that the attackers also may have attempted to sell some of the usernames.

According to the page dedicated to “Your Twitter Data”, the tool gives users a “snapshot” of their Twitter information. This includes “your profile information, your Tweets, your Direct Messages, your Moments, your media (images, videos and GIFs you’ve attached to Tweets, Direct Messages or Moments), a list of your followers, a list of accounts that you are following, your address book, Lists that you’ve created, are a member of or follow, interest and demographic information that we have inferred about you, information about ads that you’ve seen or engaged with on Twitter and more.”


Yes, despite that extremely long list of detailed and private information, let’s not forget the “and more.”

In its blog, Twitter worked to reassure the rest of its user base, which is rightly concerned over the implications of the attack now and in the future. The company said that it believed that the hackers did not see the private information of “the vast majority of people.”


However, for the 130 accounts targeted, Twitter said that while attackers were not able to see previous account passwords, they were able to view personal information, including email accounts and phone numbers. Additionally, in cases where an account was taken over by the hackers, Twitter said “they may have been able to view additional information.” It didn’t specify what information this might be and said its forensic investigation of the matter was ongoing.


Besides providing new details on the data accessed, Twitter ran down the actions it had taken thus far to address the incident. Behind the scenes, the company stated that it had moved quickly to lock down and regain control of the hacked accounts as well as to secure and revoke access to internal systems in order to prevent the hackers from getting further into its systems or the individual accounts.

Other actions included blocking many users, including some verified users (the blue checkmark folks), from tweeting or changing their passwords and locking accounts where a password had been recently changed. Twitter said that it was working on restoring access for all users who had been locked out of their accounts this weekend and next week.


Nonetheless, the company said it would limit the details it shared on its actions to address the incident at the moment.

“We are deliberately limiting the detail we share on our remediation steps at this time to protect their effectiveness and will provide more technical details, where possible, in the future,” Twitter wrote.


As for how the hack happened, Twitter said that it believed the hackers targeted its employees using social engineering, that is, by manipulating the employees into carrying out certain actions and revealing confidential information.


The New York Times reports that it spoke to four people who participated in the Twitter hack. Based on the interviews, the Times deduces that the attack was not carried out by Russia or a sophisticated group of hackers, but rather by a group of young people. One of them is apparently a 19-year-old who lives at home with his mother in south England, while another is purportedly in his 20s and lives on the West Coast.

The hack, which generated about $120,000 worth of donations to the wallet address that was tweeted from the targeted accounts, has understandably set off alarm bells. The FBI and New York state’s Department of Financial Services are investigating the attack, per the Wall Street Journal.


As noted by the Journal, an attack like this is especially alarming considering Twitter’s importance as a platform for political discussion months before the U.S. presidential election. Kara Swisher and Scott Galloway, co-hosts of the Pivot podcast, also highlighted the danger of President Donald Trump’s favorite social media platform, which is his main way of communicating to the world, being hacked. A hacker could, for instance, take over Trump’s account and lie about launching an attack on a city.

Curiously, although maybe I should say “thank God”, Trump’s account was not one of those hacked this week.


Twitter knows that this is, obviously, not good. The company says it is embarrassed and sorry.


“We’re acutely aware of our responsibilities to the people who use our service and to society more generally,” Twitter said. “We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice.”



Meega Nalla Kweesta

Presuming they used the normal features of the control panel tool, this should also be seen as “Many twitter employees *could* access your DMs if they so choose.”

I don’t use twitter, so maybe this was already known.