Twitter says around 130 accounts were affected by the massive hack on July 15th.
The company released a statement via Twitter on the 16th detailing some of the findings from its investigation. Several high-profile accounts were impacted by the hack, including Barack Obama, Elon Musk, Bill Gates, Kim Kardashian, Joe Biden and more.
According to Twitter, hackers compromised an internal system to carry out the attack, which involved using access to high-profile accounts to tweet a Bitcoin scam. The scam asked people to send funds to a Bitcoin address and promised to send double the amount back.
However, Twitter’s statement suggested that the attack was broader than just a Bitcoin scam. The company noted that attackers were able to gain control of a “small subset” of the accounts and tweet from them.
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
— Twitter Support (@TwitterSupport) July 17, 2020
Additionally, Twitter says it will work with impacted account owners over the next several days. The company says it’s assessing whether non-public data related to affected accounts was compromised. Non-public data could mean private messages belonging to the accounts.
Previously, Twitter said the hack was a social engineering attack targeted against some of its employees. Social engineering refers to tricking or manipulating someone into handing over access to secured systems. In the case of the Twitter hack, that likely means employees with access to the internal tools used to carry out the attack were tricked into giving up access.
One notable account not among the high-profile users impacted by the attack was that of President Donald Trump. However, according to a New York Times report, Trump’s Twitter account has extra protections because of “past incidents,” including a Twitter employee deactivating Trump’s account on their last day at the company.
After that, Twitter implemented safeguards to prevent it from happening again. Although it’s not clear if these safeguards impacted the attackers’ ability to access Trump’s account, it seems likely that that’s the case.