By Jack Robert Stacey
EU data-protection officers and the FBI are due to pass judgement on Twitter’s latest “co-ordinated” cyber-attack which, in one of the largest hacks in Twitter history, targeted the social media accounts of approximately 130 high-profile individuals.
Hackers, posting anonymously under the aliases of multiple Twitter accounts, were able to acquire approximately $100,000 in a breach that saw multiple accounts – including those held by Bill Gates, Elon Musk, and Jeff Bezos – become the face of an extensive crypto-currency scam. The hijacked accounts tweeted similar messages and promoted the transfer of the lucrative digital currency ‘Bitcoin’ to a specified address, appearing to offer an exchange that would double any given “donation”.
Twitter itself was able to promptly shut down the scam, blocking accounts from making public posts and temporarily removing the ‘verified’ status from all accounts in a move that wrested control back from the hackers and prevented any further posts. While Twitter eventually managed to sever the hackers’ connections to the accounts of influencers, new findings suggest that data had already been remotely harvested from up to eight of the hacked accounts.
Additionally (and perhaps more critically), Twitter revealed that the direct messages of 36 accounts had been compromised, which enabled hackers to view the private messages of individuals; a number of those accounts continue to be used by key political figures.
US officials are beginning an extensive consultation with data-protection officers and, provided that they find Twitter’s protection of user information and response to data breaches to be inadequate, the company could receive a hefty fine. Following the hack, the social networking service has already faced considerable financial repercussions, with Twitter losing a total of $1.3 billion from its market value in a single day of premarket trading.
Although the impacts are limited in scope when compared to previous Twitter hacks, data-protection experts have attested that hackers could have easily impersonated high-profile Twitter accounts and covertly harvested larger amounts of data, resulting in significantly more damage.
Matthew Hodgson, Chief Executive of decentralised messaging app Element, commented on the data breach:
“harvesting sensitive information could fuel a wave of extortion or something much worse.”
The hack, along with its subsequent investigation, has deepened already heightened fears over state-sponsored cyberattacks, with several international authorities calling for increased levels of transparency and improved digital security.
In a statement addressing the event, Twitter stated that the hackers had gained access to the accounts through the assistance of a Twitter employee; the details regarding the employee’s interactions with hackers are currently unknown. It is thought that hackers accessed the personal accounts and information of users through the site’s internal dashboard, a publicly-restricted tool that Twitter has since removed altogether as part of its promise of “greater transparency”, company-wide training, and increased account security.
US officials continue to gather information regarding the Twitter hack and are due to pass a judgement that will shape the social networking site’s use of data and security measures in the foreseeable future.