Over a hundred prominent accounts on Twitter were attacked as confirmed by the social network itself.
There is evidence of the attack being linked to a small hacker group.
Attack on Twitter Wasn't One Failure
According to a report given by Twitter on July 17, 130 accounts were hacked in the sudden attack. Only a small fraction of these hacked accounts were made to send out tweets.
Twitter reassures the owners of the accounts that the hackers didn't access their passwords. However, other private information might have been accessed, which includes direct message conversations.
Twitter is working hard to find out whether any private data from the affected accounts have been compromised. They will be providing updates if they discover if any private data has been compromised.
While Twitter continues to investigate, evidence that suggests the attack was linked to a small hacker group surfaced. This group has made attempts in the past to monetise their access by taking over and then selling accounts that have desirable or valuable usernames like first names or single characters.
Hackers typically target the accounts. It has been dating back to 2018, where hackers have been attempting to hijack phone numbers so that they could bypass the two-factor authentication that these desirable accounts on Twitter and Instagram had.
Before the attack occurred, someone posted on a forum, which was focused on hacking desirable accounts with unique usernames, offering anyone access to any Twitter account they wanted for a fee of $2,500 to $3,000. People would have to pay an additional $250 if they wanted the email address linked to their desired account to be reset.
An owner of a desirable account, a security researcher known as Lucky225, had control of the handle @6. This account sued to be owned by the late hacker Adrian Lamo. They posted a detailed account describing how he managed to get into the account with the handle @6. All that Lucky225 did was reset the email address associated with @6, and then he disabled the two-factor authentication that was protecting the account.
Lucky225 stated that having Twitter admin access didn't let you outright take control of any account you desired, but it did let Twitter's employees use tools that would help them assist people who indeed were locked out of their account on Twitter.
Who Was Behind the Attack on Twitter?
The New York Times published an account on July 17 that was based on interviews with hackers that have stated that they were involved in the sale of a few of the hijacked desirable accounts, but they didn't participate in the attack on Twitter or the Bitcoin scam. The publication's sources said that there was another hacker responsible for these actions, which they call Kirk. Kirk allegedly represented himself as an employee of Twitter.
Various investigators, along with some hackers think that Kirk obtained access to Twitter credentials using the internal Slack channel of Twitter. Twitter hasn't responded to this theory as of yet.
According to a Reuters report, the FBI has taken notice of this hack, and they are actively investigating the situation.
In a statement from the FBI, the bureau has said that they are aware of the security incident that had a few high-profile Twitter accounts being taken over. They say that they have been used as a medium to conduct cryptocurrency fraud.