Yet the company’s update Saturday said none of those accounts were verified — meaning people like Joe Biden, Barack Obama and Bill Gates likely did not have their private information compromised. The identities of the accounts have not been disclosed.
Out of the 130 accounts confirmed to have been accessed during Wednesday’s breach, Twitter says the hackers were able to reset the passwords and take control of 45 of them, tweeting requests for bitcoin donations that were promptly deleted.
Many of those accounts were verified and belonged to prominent U.S. politicians, tech founders, billionaires and organizations like Apple and Uber. Beyond Biden, Obama and Gates, affected accounts included those belonging to Kanye West, Kim Kardashian, Elon Musk, Jeff Bezos and Warren Buffett.
Publicly available blockchain records show the apparent scammers received more than $100,000 worth of cryptocurrency, Reuters reported.
In its latest statement, Twitter said attackers “manipulated a small number of employees” to gain access to the internal support tools used in the hack.
The company said it was holding back some of the details of the attack as it continues its investigation and reiterated that it was working with impacted account owners.
“Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools,” the company said.
“In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing.”
Twitter said it is working to further secure its systems and will roll out additional company-wide training “to guard against social engineering tactics.”
The FBI’s San Francisco office is investigating the breach, and members of the U.S. Congress are also calling for congressional investigations into Twitter’s security.
The company said its own investigation into what happened is ongoing and promised further updates as that probe continues.
“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry,” it said. “We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice.
“We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.”
—With files from Reuters