Twitter Says DMs of 36 High-Profile Users Were Affected by Last Week’s Hack

Twitter yesterday announced that last week’s hack accessed the direct messages of a few dozen people, including one government official.

According to a new press release, Twitter said that hackers who broke into its system last week were likely able to read the direct messages of 36 accounts, including those of one elected official in the Netherlands.

“We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands,” the social media giant said in a press release Wednesday night. “To date, we have no indication that any other former or current elected official had their DMs accessed.”

“We are actively working on communicating directly with the account-holders that were impacted.”

Wednesday’s update also said: “Attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.” “Previous passwords” referred to the passcodes that were used before hackers changed them. The update made no mention of passwords that were cryptographically hashed or of whether the hijackers had the ability to obtain them. On background, a Twitter representative said the attackers didn’t see passwords in hashed or plaintext format.

In previous updates over the past week Twitter has provided additional details, including:

  • Hackers likely tried to sell access to hijacked Twitter accounts with highly coveted usernames such as @6
  • Up to eight of the compromised accounts had information taken through Twitter’s “Your Twitter Data” tool. None of these accounts were verified
  • Attackers tweeted from 45 verified accounts, which, besides the holders mentioned above, also included Jeff Bezos, Barack Obama, and Apple
  • The company is working with law enforcement agencies, which, according to Reuters, include the FBI

Although Twitter declined to offer specific information on the other 35 accounts whose DMs were possibly accessed, it added that so far there is no evidence to suggest the hackers accessed the DMs of any other former or current elected official.

The mass account takeover came to light last Wednesday when some of the world’s best-known celebrities, politicians, and executives began tweeting links to Bitcoin scams. A handful of the account holders included Vice President Joe Biden, philanthropist and former Microsoft founder, CEO, and Chairman Bill Gates, Tesla founder and CEO Elon Musk, and pop star Kanye West.

A few hours later, Twitter officials said the incident was the result of it losing control of its internal administrative systems to hackers who either paid, tricked, or coerced one or more company employees. The officials said they would disclose any other malicious activities those responsible may have undertaken as an investigation continued.