Sensitive personal data could have been accessed in Twitter hack, experts warn
Twitter says it has restored most functionality and was continuing to investigate, but security experts have warned that as well as gaining access to the accounts to post the tweets, the hackers could have seen other private account information, for example, direct messages.
More sensitive information from high-profile Twitter accounts hit by a cryptocurrency scam may have been accessed and could be leaked in the weeks ahead, cyber security experts have warned.
The accounts, which have large Twitter followings, were simultaneously hacked and a message posted encouraging users to send 1,000 dollars (£798) to a Bitcoin address to receive double in return.
Twitter has since confirmed that the attack was the result of a “social engineering” scheme by hackers who targeted Twitter staff with access to the site’s “internal systems and tools”.
The platform said it had restored most functionality and was continuing to investigate, but security experts have warned that as well as gaining access to the accounts to post the tweets, the hackers could have seen other private account information, for example, direct messages.
Dan Panesar, director of UK and Ireland at Securonix, said: “I think it would be highly likely that a number of credentials have been stolen by the attackers and we could see more accounts and sensitive information being leaked in the coming weeks.
“The Twitter hack looks a classic case of insider threat. The insider’s behaviour can be malicious, complacent, or ignorant, which in turn amplifies the impact to the organisation resulting in monetary and reputation loss.”
Twitter is yet to confirm if any other account data was affected by the attack.
But James McQuiggan, security awareness advocate at cyber security firm KnowBe4, agreed that while the attack itself was alarming, cyber criminals gaining access to Twitter’s internal and administrative tools and the high-profile accounts it oversees was “a much larger concerning notion”.
Targeted accounts included Microsoft founder Bill Gates, Democratic presidential candidate Joe Biden and Amazon billionaire Jeff Bezos.
West’s account was hacked twice in the space of an hour with the same message posted.
A number of company accounts, including those of Apple and Uber, were also hacked with the message posted.
Most of the tweets were deleted within a number of minutes, but many had been retweeted thousands of times.
Twitter founder and chief executive Jack Dorsey said in response to the incident: “Tough day for us at Twitter. We all feel terrible this happened.”
According to publicly available blockchain records on Thursday morning, the Bitcoin address linked to the scam had received more than 110,000 dollars (£88,000) from hundreds of transactions.
Twitter said it had taken “significant steps to limit access to internal systems and tools” while it continued its investigation into the incident.
But security experts have also urged Twitter and other social media platforms to consider tightening security measures around those staff who have access to accounts.



