The famous Twitter hack of July 2020 will go down in history as one of the biggest failures for the company, just based on the sheer scale of the attack. Even though Elon Musk getting his account hacked is bad enough, Twitter now claims that the hackers might have downloaded all the data of 8 Twitter users. These users however, who faced the worst of this hack, were not verified, Twitter states.
Now, to get down into detail, hackers gained access to tools that are only available to the company’s internal support team, allowing them to attack 130 Twitter accounts. Out of these 130, they gained access to 45, which they used to “initiate a password reset, login to the account, and send Tweets,” Twitter says in a blog post.
The attackers then used these accounts to solicit money from Twitter users, hoarding digital currency that can be used in real life. Since these tweets came from some of the biggest names on the platform, including U.S. presidential candidate Joe Biden, reality TV star Kim Kardashian, former U.S. President Barack Obama and billionaire Elon Musk, among others, people were quick to respond, which netted the hackers close to $100,000.
However, out of those 45, the hackers went an extra step, to download the account’s information of 8 users, through Twitter’s “Your Twitter Data” tool. This means that these hackers now have access to their direct messages, photos, videos, their address book and other information. Even though the company claims that none of these accounts were verified, the high profile nature of the attack suggests that these accounts belonged to some very important people.
For the 130 accounts that were jeopardized, the hackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of Twitter’s internal support tools. Twitter states they could not have gained access to previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
However, the accounts which were taken over are the most at risk, as Twitter claims that the attackers may have been able to view additional information, without specifying what constitutes ‘additional information’. “Our forensic investigation of these activities is still ongoing,” the company added.