Earlier this week we reported that Twitter had suffered a major hack in which a number of high-profile Twitter users were targeted. Messages were sent from their accounts requesting Bitcoin payments, with the promise to double the amount paid. The hackers made over $100,000 USD.
According to the BBC news website earlier this week, researchers at cyber-crime intelligence firm Hudson Rock spotted an advert on a hacker forum claiming to be able to steal any Twitter account by changing the email address to which it is linked.
The seller also posted a screenshot of the panel usually reserved for high-level Twitter employees. It appeared to allow full control of adding an email to an account or “detaching” existing ones.
This appears to tie in with what some websites are reporting: that a Twitter employee was paid for access to carry out this hack.
In a series of tweets issued today, Twitter said:
“Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
We’re working with impacted account owners and will continue to do so over the next several days. We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred.
We have also been taking aggressive steps to secure our systems while our investigations are ongoing. We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can.
Thank you for your continued patience and understanding while we investigate this incident. We’ll continue to provide updates when we have them.”