Twitter has been mostly holding its breath since last week’s large-scale hacking of verified accounts, or “security incident,” as the company is calling it. The investigation into who managed to pull off such a feat of modern hijacking is still ongoing, Twitter says, but the company has some updates about what information was accessed.
The company reports a total of 130 accounts were compromised by attackers, but only 45 of those accounts were actually used to send tweets. Nonetheless, the hackers were able to scam people out of close to $120,000 in bitcoin. That number could’ve been much higher had the hackers managed to tweet from every compromised account. But access didn’t just mean the ability to tweet; it also meant the ability to view direct messages.
Twitter says only one elected official — someone in the Netherlands — had their direct messages accessed, but 35 other accounts had their DMs accessed, too. Eight accounts had their entire account's data downloaded, meanwhile, though Twitter says none of those accounts were verified. But the overarching theme here is that things could have been much worse... but it's also really worrying this was possible in the first place.
The numbers so far — Yesterday’s update didn’t shed much light on the bigger questions about the hack, like how exactly it was carried out or whether or not Twitter’s own internal tools were used in doing so, as reports suggest. Instead, Twitter is focusing on giving us some hard data right now.
Here’s what we now know:
- 130 total accounts were targeted by attackers
- 45 of those accounts were used to send tweets
- 36 of those accounts had their DM inboxes accessed
- 8 of the accounts had a full “Your Twitter Data” archive downloaded, though none of them were verified accounts
More info, please — The hack may be over for now, but its implications are most certainly not. Twitter knows as much. In its blog post about the incident, the company says: “We’re embarrassed, we’re disappointed, and more than anything, we’re sorry.” Twitter also says it’s working to further secure its systems against future attacks, including company-wide training to guard against social engineering.
Last week’s enormous security compromise is already falling out of the news cycle. Users on the social network have mostly gone back to their normal, fun, conspiracy-riddled Twitter activities.
Business as usual — But this is far from over for Twitter. The company will need to seriously reckon with the internal policies that allowed this to happen — including continuing to keep the public updated about those efforts — if it hopes to mitigate similar (or worse) issues down the line. As Facebook has repeatedly demonstrated, though, consumer attention spans are short: social networks can make huge mistakes, apologize, and most users will continue to use them anyway.