In the days since we saw some of Twitter’s highest-profile accounts taken over for what appears to be a massive cryptocurrency scam, we’ve come up with more questions than we’ve gotten answers. How, exactly, was that one Twitter employee actually involved? What sort of technical protections has the company come up with to keep this from happening again? Why didn’t Donald Trump’s account fall victim? And aside from the bitcoin winnings, just how much damage did the hack actually do?
At the very least, the company offered some sort of insight into the scam’s scope with a tweet from its official Support page late Thursday. Apparently, the hacker (or hackers) targeted 130 accounts and were only able to send tweets from a “small subset.”
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
— Twitter Support (@TwitterSupport) July 17, 2020
The company added that it’s “working with impacted account owners,” and will continue to dig into whether any non-public data — like, say, passwords — were compromised in the attack, promising that updates would be given “if we determine that occurred.” While Twitter investigates what all was compromised, it has disabled the option to download an account’s Twitter data.
We’re still waiting to hear back from Twitter on what it means when it says that only a “small subset” of accounts were fully taken over during the hacking spree, but we do know that in spite of its size, it still had a major impact. Even if it turns out that only a handful of accounts were fully hijacked, the accounts of the celebrities, politicians and tech wizzes that we’ve already confirmed to be compromised had tens of millions of followers between them. But despite the number of people who opened Twitter to see, say, Jeff Bezos asking for Bitcoin donations, folks keeping track of the crypto-scam space have pointed out that barely a fraction of those accounts ended up donating anything at all.
The day of the scam, just under 400 accounts were confirmed to send about $US120,000 ($171,528) worth of donations to the wallet address that was tweeted out. That’s definitely a lot of cash, but considering how this hack hit the likes of Kanye West, Elon Musk, and Barack Obama, you’d think that they’d collectively be able to rustle up a few more bucks between them.
The scam might’ve been small compared to its potential impact, but the fact that it went on for several hours and hit multiple political pundits ended up drawing the eyes of multiple lawmakers and the FBI, who set out on a probe of the company earlier this week. Meanwhile, New York Attorney General Letitia James said in a statement that the hack “raises serious concerns about data security and how platforms like Twitter could be used to harm public debate,” adding that she’s ordered her office to open an investigation of its own.