Twitter has shared more information about the high-profile hack it suffered yesterday, which saw high-street brands and public figures have their accounts hijacked to promote a cryptocurrency scam.
In a series of tweets, @TwitterSupport said that it had found no evidence that whoever breached the accounts – possibly via Twitter’s own internal administration tool – accessed any passwords.
As a result, it’s not calling on users to change their passwords. Of course, it would be remiss of me not to take the opportunity to remind anyone who hasn’t yet done so to protect their Twitter account with two-factor authentication (2FA).
Having 2FA wouldn’t have protected you from this latest attack, because Twitter’s internal tool is – no doubt – capable of disabling it on user accounts, but normally it’s a very sensible idea to have the option enabled.
But what I think is most interesting is what Twitter hasn’t said.
The hackers who compromised high-profile Twitter accounts used the platform to post a fairly rudimentary cryptocurrency scam to millions of followers.
Here, for instance, is what was posted from the Twitter accounts of Elon Musk, Jeff Bezos, and Bill Gates:
Like I said, a simple scam which attempts to trick the unwary into sending their Bitcoin fortune into the void, with little prospect of ever seeing it come back again. We’ve seen plenty of these, in various forms, in the past.
But in order to post those messages on this occasion, hackers had access to the Twitter accounts.
And that means they could also read the private direct messages (known as DMs) sent from and received by those accounts.
As TechCrunch reports, Twitter has not responded to questions about whether hacked users had their DMs accessed.
Clearly, it was possible for DMs to be read by the hackers. Whether they did or not is a different question.
But if hackers were able to access the private messages sent to and from Twitter accounts – including those belonging to some of the world’s richest and most powerful people – I think that’s a much more chilling thought than a cryptocurrency scam being spammed out under their name.
It’s easy to imagine, for instance, how a sensitive personal message might be used against a high profile figure by an extortionist – whether that extortionist be a common-or-garden blackmailer or a nation state.
Other victims of the Twitter hack include Barack Obama, Joe Biden, Michael Bloomberg, Warren Buffett, Floyd Mayweather, Kim Kardashian, and Kanye West.