Twitter says hackers swiped user data during the ‘Verified’ hack

More and more has been coming out about the that went down on Wednesday. However, the latest update from Twitter itself is cause for concern.

In an update posted on Friday night, Twitter ran down what its internal investigation has discovered so far. One piece of previously unknown information: the hacker(s) downloaded the personal account data for up to eight of the accounts which they had access to.

I should make this clear up front: that data includes direct messages.

As rumors spread around the platform as to which eight accounts could have been targeted, Twitter released an additional clarification.

“There is a lot of speculation about the identity of these 8 accounts,” the company tweeted from its official @TwitterSupport account. “We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts.”

This is a particularly startling revelation.

During the hack, verified accounts with millions of followers were tweeting out the same Bitcoin scam, urging users to send money to a Bitcoin address. The belief at the time was the person(s) behind the hack were simply trying to make a quick buck while seemingly inflicting as little long term damage as possible. 

Imagine if someone with access to hundreds of high profile Twitter accounts wanted to ? Tank the economy? We were lucky it was only a silly Bitcoin scam that seemed to net the hackers around $100,000.

With the update about the downloaded data, that conversation changes. Why did the hackers download the data from these specific users? Were they targeted or chosen at random? How do the hackers plan to use this data? Why would they go after these unverified users when they had access to the direct messages and contact lists for some of the world’s most powerful politicians, celebrities, and tech moguls?

Twitter also confirmed in its Friday night update some details as to how the accounts were accessed and just how many users have been affected… that it knows about so far, at least.

The company says the hackers gained entry to its internal tools, which appears to confirm the legitimacy of those admin panel screenshots that were passed around Twitter during the hack. 

Twitter also says 130 Twitter accounts were targeted. We know of some of the big verified users who were affected such as Barack Obama, Elon Musk, Joe Biden, Bill Gates, Kanye West, Kim Kardashian, Jeff Bezos, and Apple and Uber’s official accounts. 

The company said that hackers gained access to 45 of them via a password reset and, for a second time, reiterated that the passwords used on the accounts were not accessed. 

This also seems to confirm an that came out when the @6 Twitter account was hacked and sold on the social media black market. The person who runs @6 for hacker Adrian Lamo, who passed away in 2018, shared what occurred when the account was stolen. He explained how the hackers were able to change the email address associated with the account and turn off two-factor authentication, all so they could change the Twitter account’s password and take over the @6 username.

From what we do know now, it still doesn’t seem like this was a state-sponsored attack. Part of the hackers’ focus on Wednesday was on stealing rare, short Twitter handles for resale purposes. That doesn’t seem like something a foreign government would be particularly interested in doing. 

But the fact that the hackers took the time to save up to eight unverified users’ Twitter data definitely brings more questions than it does answers.

During the hack on Wednesday, Twitter briefly shut down all verified users’ ability to tweet in order to mitigate the issue. Unverified users had about it, noting how they were unaffected by the attack. 

Now, some have to be wondering…am I one of the eight unverified users that these hackers stole data from?