Twitter reports this on its own blog. Employees of the platform were attacked via so-called ‘spear phishing’, in which a phishing email is drawn up and addressed to a specific person. Such emails are therefore harder to spot than ordinary phishing messages.
A few employees fell for those phishing emails, allowing the hackers to obtain passwords that gave access to internal staff resources. These could then be exploited to attack 130 Twitter accounts.
Not all affected personnel were affected, but their profiles were then used to gather information about colleagues. This allowed the hackers to break into even more sensitive accounts.
The hack involved some of the largest accounts on the social network, including those of Apple, Uber, Elon Musk, Joe Biden and Geert Wilders.
The hackers then managed to send tweets from 45 accounts. Many of these Twitter profiles posted links to scam websites that the hackers attempted to use to steal bitcoin.
The private messages of 36 Twitter users were also visible to the hackers. Among them is a Dutch politician, presumably Wilders. The personal data of seven profiles was downloaded from Twitter.
Earlier it became clear that internal Twitter software was abused to break into the profiles, but it was unclear how the hackers could access it. It was feared that personnel had unauthorized access to the software.
It recently became clear that Twitter employees had for years been cavalier about access to sensitive data in profiles. For example, in 2017 and 2018, staff made a game of spying on the accounts of famous users such as Beyoncé.