Twitter says employees manipulated by hackers
In this file photo illustration, a Twitter logo is displayed on a mobile phone on May 27, 2020, in Arlington, Virginia.
Twitter said on Saturday that hackers “manipulated” some of its employees to access accounts in a high-profile attack, including those of Joe Biden and Elon Musk, and apologized profusely for the breach.
“We know that they accessed tools only available to our internal support teams to target 130 Twitter accounts,” said a statement posted on Twitter’s blog on Saturday.
“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry,” Twitter said.
Posts trying to dupe people into sending the hackers Bitcoin were tweeted by the official accounts of Apple, Uber, Bill Gates and many others on Wednesday, forcing Twitter to lock large numbers of accounts in damage control.
Twitter said the attack was carried out by a group of young friends — one whom lives with his mother — with no links to any state or organized crime, The New York Times reported on Friday.
The paper said it interviewed four people who participated in the hacking, who shared logs and screenshots backing up their accounts of what happened.
The young hackers said a mysterious user who went by the name “Kirk” initiated the scheme with a message and was the one with access to Twitter accounts.
They added they were only involved in taking control of lesser-known but desirable Twitter accounts, such as an “@” sign and single letters or numbers that could easily be sold, according to the report.
The hackers maintained they stopped serving as middlemen for “Kirk” when high-profile users became targets.
Twitter said it is limiting the information it makes public about the attack while it carries out “remediation steps” to secure the site, as well as training employees to guard against future hacking attempts.
The hack has also raised questions about Twitter’s security as it serves as a megaphone for US politicians ahead of November’s election.
More than US$100,000 worth of the virtual currency was sent to e-mail addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions.
