Twitter has admitted that at least 36 users have had their private messages hacked in a cyber attack connected to last week’s high-profile bitcoin-related hack, raising concerns that well-known victims could be extorted.
Hackers last week took over the official Twitter accounts of more than 130 blue-ticked users, including politicians such as Joe Biden and Barack Obama and entrepreneurs Elon Musk and Jeff Bezos.
The scammers posted messages asking followers to deposit money into a bitcoin account. The company later announced that the scammers received 400 payments in bitcoin, with a total value of $121,000 at Thursday’s exchange rate.
Twitter today said that at least 36 of the hacked users have had their private messages infiltrated following the initial attack, including “one elected official in the Netherlands”, later revealed to be far-right Dutch politician Geert Wilders.
“To date, we have no indication that any other former or current elected official had their [direct messages] accessed,” the company wrote in a tweet.
A spokesperson for Twitter added that the company was “communicating directly with any impacted account owners”.
Last Friday Twitter said that hackers may have attempted to sell some of the usernames taken over in the scam. It remains unclear whether Twitter employees were involved in handing over access to the company’s administrative systems or co-operated with hackers.
Screenshots obtained by Vice last week showed that the accounts had been taken over using an internal tool at the social media site, suggesting a Twitter employee may have been to blame for the high-profile data breach.
The FBI last week launched an investigation into the wide-scale hack, following concerns over whether the company has sufficient cybersecurity practices in place in the run-up to the US presidential election in November.
Cybersecurity experts called the hack a “huge blow” for the company, which has sought to position itself against rivals Facebook and Instagram as a more trustworthy social media platform.
Jamie Akhtar, chief executive and co-founder of CyberSmart, said: “This attack specifically targeted high-profile, verified accounts. These are public figures and people rely on Twitter as a means of communication with them.
“This hack feels especially invasive because it has undermined trust in the platform that serves as a mouthpiece for globally influential people in our society. Up until now, we could assume any tweet from a verified Twitter account was the actual user. That is no longer the case. The platform will have a lot of work to do to rebuild that trust.”