Earlier in the week, several famous people had their Twitter accounts compromised after hackers performed a successful social engineering campaign against several Twitter employees to gain access to the accounts. Twitter has now revealed that up to eight of the hacked accounts had their Twitter Data downloaded.
By using the Your Twitter Data tool to download account information, the hackers will have gleaned account details and activity. The firm said it has begun reaching out to those affected, presumably to let them know what happened and what the firm is doing in response.
The wider breach affected 130 Twitter accounts. According to the firm, attackers were not able to view old account passwords but were able to see personal information such as email addresses and phone numbers. In the cases where the attacker took over the account, additional information may have also been seen but we won’t know what exactly until Twitter has concluded its “forensic investigation”.
Going forward, Twitter plans to restore access to any account owners who are still locked out, it will continue its investigation with law enforcement, take action to tighten up its security, and finally, employees will receive further training to guard against social engineering tactics during on-boarding and other phishing prevention exercises will be held throughout the rest of the year.