Updated Twitter has said that around 130 accounts were targeted by miscreants this week as high-profile individuals and businesses had their accounts hijacked to promote a Bitcoin scam.
The estimate comes days after the social media biz admitted the blitz – which snared the accounts of Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber and former President Barack Obama – was the result of "coordinated social engineering".
In a post at 4am GMT of Friday morning, the Twitter support account said:
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.— Twitter Support (@TwitterSupport) July 17, 2020
"We're working with impacted account owners and will continue to do so over the next several days," the company added. "We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred."
Twitter said it was "taking aggressive steps to secure our systems while our investigations are ongoing".
News outlet Vice claimed earlier this week that hackers boasted they had paid a Twitter insider to take control of the accounts.
The scam itself posted fake tweets in which followers were encouraged to send Bitcoin to a specific address with the promise that double the money would be returned.
The Bitcoin address in question has received almost $118,000.
In the aftermath of the 15 July attack, Twitter said yesterday: "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."
Today, the Twitter support account said it had no evidence that attackers accessed people's actual passwords, hashed or otherwise.
It appears the hijackers were able to, directly or indirectly, access an internal Twitter control panel disable multi-factor authentication on the popular accounts and change their email addresses, at least in some cases, allowing passwords to be reset and profiles taken over.
"Currently, we don't believe resetting your password is necessary," Twitter said, referring to its users in general. ®
Updated to add
The New York Times reports claims that a miscreant called Kirk was able to obtain access to Twitter's internal Slack workspace, there found details on how to log into the social network's admin panel, and used this access to sell valuable profiles and hijack others.
It was said Kirk boasted he worked at Twitter though his fellow hackers, who acted as middlemen in the sale of purloined Twitter accounts, didn't believe him.
Meanwhile, Twitter has put out its version of events:
The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.