Twitter has admitted that the naughty folk who hijacked verified accounts last week read a portion of hacked users' direct messages.
Among the 36 Twitter users whose direct messages (DMs), email addresses and phone numbers were definitely accessed by account hijackers last week was one Dutch politician, the microblogging platform said overnight.
"We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed," Twitter said in an updated post.
The hack happened after an individual or persons unknown gained access to Twitter's administrative tools, allegedly after bribing a company insider.
As we reported last week, a number of Twitter accounts belonging to high-profile individuals were compromised. Those accounts all have blue ticks, indicating that they really do belong to whoever's name and mugshot they bear.
Rather than do something with lasting consequences, such as start a world war, crash a stock market or announce that Apple will start talking to El Reg again, the takeover chumps promoted a Bitcoin scam. World+dog promptly shrugged it off while lots of social media-oriented folk bellowed imprecations at Twitter for its crap security.
"Attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack," continued Twitter in its update. "Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools."
The names and faces of prominent people including Bill Gates, Jeff Bezos and Barack Obama were used to promote a Bitcoin scam. Gullible followers were urged to send the cryptocurrency to a specific address with the promise of receiving double the amount back as part of a philanthropy drive. Incredibly, some people did fall for it, with around $118,000 worth being transferred.
The hack is notable because many people, quite wrongly, believe that Twitter direct messages are a reasonably secure method of communication.
The social media giant released its Q2 2020 results [PDF] today, with ad sales, which make up 82 per cent of its revenue, sinking 23 per cent to $562m. It boasted that "audience and engagement surged in the last few weeks of Q1 as the COVID-19 pandemic became global".
But audience doesn't pay the bills; Twitter reported a loss this quarter of $1.2bn. The loss looks so large because it reverses a tax benefit from last year, when the company transferred IP to Ireland. It didn't get to use that tax benefit because it failed to make enough money to hit the minimum target for the benefit. Adjusted for tax, it lost $127m and revenues were down 19 per cent year-on-year at $683m. ®