- Twitter has said that the hackers involved in the bitcoin scam accessed DMs from 36 accounts.
- One of these accounts belongs to an elected candidate from the Netherlands.
- Last week Twitter had said that a total of 130 accounts were compromised in the bitcoin scam.
Last week, Twitter admitted data breach when hackers attacked high-profile accounts to lead users into a bitcoin scam. The compromised accounts belonged to famous politicians, celebrities and public figues like Barack Obama, Joe Biden, Kanye West and Elon Musk among several others. The micro-blogging site acknowledged the hack and said that around 130 accounts were targeted.
Adding to that information Twitter has said that out of those 130 accounts, hackers accessed direct message inboxes from 36 accounts, one of which belongs to an elected official in the Netherlands.
Twitter has not disclosed which Dutch candidate's DMs were accessed but according to local reports, the account belongs to far-right politician Geert Wilders, BBC noted.
Direct messages (DMs) are private messages that users send to other users in confidence in the form of texts, pictures, links or videos. This means that hackers have had the access to private information from those 36 accounts which they could use at a later point. The private information obtained from those Twitter accounts can be used to cause potential harm to the victims.
Twitter, however, asserted that the hackers did not take any information from other elected officials aside from the candidate of Netherlands.
"We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed," Twitter said.
Twitter had previously said that the hackers also got a Twitter account summary of 8 accounts using the company's 'Your Twitter Data' tool. Twitter claimed that none of those 8 accounts was a verified account. "8 is the number of accounts where an archive of "Your Twitter Data" was downloaded. This includes all of *your* account activity including DMs. None of the YTD downloads impacted Verified accounts," Twitter said.
The company's Your Twitter Data tool is designed to provide an account owner with a summary of their Twitter account details and activity. The summary sheet may include all the tweets, retweets, and DMs information of the account owner.
45 high profile accounts were used by the hackers to send out the Bitcoin scam message last week. The message directed users to spend bitcoin currency on a given link or wallet address and claimed that their money would be doubled. It gave them a deadline of 30 minutes. The hackers from the scam were able to make around $121,000.
After a few hours of the hack, Twitter disabled the verified accounts from tweeting anything on the website. Twitter said that the hackers had gotten access to the company's internal tool through an insider employee which led to the hack. It was the work of a coordinated social engineering attack, Twitter said. The FBI is reportedly handling the case.