Twitter has completed an in-depth analysis of the company’s biggest security lapse, which led to hackers gaining access to some of the highest-profile Twitter accounts in the world, including US Presidential candidate Joe Biden, former US President Barack Obama, Tesla CEO Elon Musk, Microsoft co-founder Bill Gates, Kanye West, Michael Bloomberg, and many more.
Following that analysis, Twitter published its first full blog post on Friday evening, revealing that the attackers may indeed have downloaded private data, including direct messages (DMs), of up to 8 individuals while conducting their Bitcoin scam.
Twitter confirms that the attackers attempted to download the entire data of 8 individual accounts using Twitter’s “Your Twitter Data” tool. The company also noted that the attackers were able to view “personal information”, including phone numbers and email addresses, for every account they targeted.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true.
— Twitter Support (@TwitterSupport) July 18, 2020
The attackers even tried to delete some of the DMs of those 8 individuals. Since Twitter stores DMs on its servers for as long as either party to a conversation keeps them around, texts and multimedia data remain on the company’s servers.
Twitter notes that none of those 8 accounts were verified users, suggesting that the data of the impacted high-profile individuals is safe and that the attackers did not attempt to download their data.
Twitter noted that the attackers targeted 130 accounts in total; they successfully triggered a password reset, logged in to the accounts, and tweeted from 45 of those accounts, and attempted to download the data of only 8 unverified accounts.
The company previously confirmed that the attackers were able to access these accounts using its own internal employee tools, and in the blog post the company further explained that the attackers “successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.”