Twitter Says Hackers Accessed the Direct Messages of 36 Accounts in Last Week's Breach

by

Twitter is continuing to investigate last week's security breach that saw the Twitter accounts of Apple and other high-profile figures and companies hacked by bitcoin scammers, and today the social media company confirmed that hackers accessed the Direct Messages of 36 Twitter accounts.

apple bitcoin hack
Twitter previously said that no passwords were stolen in the hack, which was a "coordinated social engineering attack" that targeted Twitter employees. Hackers were able to gain access to employee credentials, using that information to access Twitter's internal systems, including bypassing two-factor authentication protections.


The internal tools were used to target 130 accounts, and for 45 of those accounts, hackers initiated a password reset and had full access to the account to send tweets. For eight of the Twitter accounts, the attackers downloaded account information through the "Your Twitter Data" tool that provides Twitter account details and activity, but none of the eight accounts targeted in this way were verified accounts.

For the 130 accounts that were breached, which included the accounts of Tesla CEO Elon Musk, former U.S. President Barack Obama, former Microsoft CEO Bill Gates, Amazon CEO Jeff Bezos, presidential candidate Joe Biden, and others, hackers were able to see personal information like email addresses and phone numbers, and for some accounts taken over, additional information was available.

Twitter has not provided specific details on which of the 36 accounts saw their DMs breached, but hackers did access the DMs of one elected official in the Netherlands. No other former or current elected official had their DMs accessed.

Twitter is communicating directly with the account holders that were impacted and is further securing its system to prevent future attacks. As part of its efforts to stop something similar from happening again, Twitter is rolling out additional company-wide training to guard against social engineering tactics.

Tag: Twitter

Popular Stories

Nineth iOS 19 Feature

iOS 19 Beta is a Month Away With These New Features for Your iPhone

Thursday May 8, 2025 7:37 am PDT by
The first iOS 19 beta is just one month away, and there are already many new features and changes that are expected with it. Apple should seed the first iOS 19 beta to developers immediately following the WWDC 2025 keynote, which is scheduled for Monday, June 9. Following beta testing, the update should be released to the general public in September. Below, we recap the key iOS 19 rumors...
Read Full Article46 comments
Foldable iPhone 2023 Feature Homescreen

Apple's Foldable iPhone Display Tech May Set New Industry Standard

Thursday May 8, 2025 3:29 am PDT by
Apple's upcoming foldable iPhone will feature a new type of display panel developed by Samsung that has never been used in a foldable product, claims a source with links to Apple's supply chain. According to the account yeux1122 on the Korean Naver blog, the foldable iPhone will use a custom display process for which Apple will hold branding trademark rights, and that meets Apple's stringent ...
Read Full Article125 comments
iOS 18

Here Are Apple's Full iOS 18.5 Release Notes

Tuesday May 6, 2025 2:17 pm PDT by
Apple today seeded the release candidate version of iOS 18.5 to developers and public beta testers, giving us a look at the final version of the update that will be provided to the public next week. With the release candidate, Apple provided release notes, so we have a more complete look at the new features that are included in the update, including those that weren't found during the beta...
Read Full Article68 comments
siri glow

iPhone Users Now Able to Submit Claims in $95 Million Siri Spying Lawsuit

Wednesday May 7, 2025 11:40 am PDT by
If you owned a Siri-compatible device and had an accidental Siri activation between September 17, 2014 and December 31, 2024, you could be eligible for a payment from Apple as part of a class action lawsuit settlement. Apple in January agreed to pay $95 million to settle a class action lawsuit involving Siri spying accusations, and a website to distribute the funds has now been set up and...
Read Full Article79 comments
Mayday Calendar

Apple Acquisition Hints at Upgraded Calendar App on iOS 19 or Beyond

Friday May 9, 2025 9:13 am PDT by
Apple acquired Canadian startup Mayday Labs in April 2024, according to a European Commission listing, spotted by French blog MacGeneration. The acquisition had not received widespread attention from tech publications until now. Apple is legally required to report certain acquisitions to the European Commission, under the terms of the EU's Digital Markets Act. Mayday Labs founder Jeremy...
Read Full Article63 comments
fortnite apple featured

Epic Games Submits Fortnite to U.S. App Store

Friday May 9, 2025 9:57 am PDT by
As promised, Epic Games today submitted Fortnite to the U.S. App Store, and if approved by Apple, it will mark the first time that the Fortnite app has been available in the United States since 2020. Fortnite will include options to purchase in-app currency from the web rather than through in-app purchase, which is what got the game banned to begin with. This time, though, Apple has been...
Read Full Article406 comments
airpods pro purple

Apple's Camera Equipped AirPods and Apple Watch Could Launch as Soon as 2027

Thursday May 8, 2025 10:14 am PDT by
Apple is working on versions of the AirPods and Apple Watch that incorporate a camera, and the devices could be ready to launch sometime around 2027, reports Bloomberg. Apple has developed a chip codenamed "Nevis" that will be used for its camera-equipped Apple Watch, while a chip codenamed "Glennie" will be incorporated into the AirPods. Apple is aiming to have the chips ready "by around...
Read Full Article42 comments

Top Rated Comments

Apple_Robert Avatar
Apple_Robert
63 months ago
I am glad I got rid of Twitter a while back. I am social media free on my devices, except for MacRumors. :D
Score: 17 Votes (Like | Disagree)
Populus Avatar
Populus
63 months ago

Stoked the USA didn't "declare war" during this debacle.
Wow, I hadn't thought about what they (the hackers) could have done if they had accessed certain leader twitter... It gives me the shivers.


I am glad I got rid of Twitter a while back. I am social media free on my devices, except for MacRumors. :D
I did too, 6 years ago (more or less) and I'm glad to be free of all that tension, hate and aggressiveness I sometimes see on Twitter.
Score: 11 Votes (Like | Disagree)
jchap Avatar
jchap
63 months ago
"Social engineering" = "hacked by someone inside Twitter, who had the knowledge, ability and motivation to do this." Of course, Twitter implies that the perpetrator was outside of the company, and they seem to be inferring that Twitter's employees were somehow coerced or "socially engineered" into doing this without their knowledge.

No amount of internal training will prevent this kind of result.

Twitter needs to review their protocols that allow employees to access and modify said data in the first place. Someone had full access to a database that should have been carefully restricted only to those who absolutely required access for legal reasons. Did Twitter even go through any internal procedure leading up to the insider gaining said access? Companies that are careful about such things will keep their servers in secure and locked rooms, and meticulously log and monitor all access. They should absolutely know who was in there and which employee accessed their database, unless they are so inept that they have no access logging system.

If the DM database(s) was/were accessible anywhere inside of their corporate network outside of a select few, that is a major problem in and of itself. The fact that Twitter allows this sort of coordinated attack (whether the perpetrator was inside or outside of Twitter's corporate network) to even be possible says something about their security practices.

Ask yourself: do I want to participate in a social network, which is hosted by a company that allows its employees access to my direct messages without just legal cause?
Score: 10 Votes (Like | Disagree)
Makosuke Avatar
Makosuke
63 months ago
It's impressive and extremely lucky that these were small-time and uncreative hackers who apparently hit the social-engineering jackpot--they could have caused a truly disturbing amount of international or financial market chaos but basically just used it on a lame Bitcoin scam and selling a few low-character-count usernames.

Imagine what a well-planned, coordinated action by a state actor, dedicated group of terrorists, clever anarchists, or big-time financial market scammers could have accomplished.

You can be pretty sure that whoever they are they are reconsidering the success of their scam--there is absolutely no way $100K or so split more than one way is worth the international manhunt that's almost certain to result from this.
Score: 7 Votes (Like | Disagree)
ghanwani Avatar
ghanwani
63 months ago

Twitter is communicating directly with the account holders that were impacted...
Gates, Obama, Musk and other big guys all communicating with Twitter's frustrating customer service. haha
Score: 4 Votes (Like | Disagree)
nvmls Avatar
nvmls
63 months ago

Gates, Obama, Musk and other big guys all communicating with Twitter's frustrating customer service. haha
"Welcome to Twitter CS. if you are a celebrity please dial 1"
Score: 4 Votes (Like | Disagree)
Read All Comments