As Twitter looks to focus on its usage growth in its latest performance update, the platform has also posted some new information on the recent hack, which saw 130 accounts compromised, including various celebrity profiles.
At around 1pm last Wednesday, a range of celebrity and brand accounts started tweeting out a message promoting a crypto giveaway, which promised that any funds sent to a specified bitcoin wallet would be returned to the sender, doubled.
Twitter quickly moved to shut down all verified accounts as it investigated, then slowly reinstated access. The following day, Twitter provided an update, where it confirmed that 130 accounts, in total, had been accessed by hackers. Twitter subsequently confirmed on Friday that, for some accounts, the hackers had downloaded account data via the “Your Twitter Data” tool, giving them access to highly sensitive information.
This week, Twitter has provided more detail on the major breach, reporting that:
"We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed."
That elected official is believed to be Geert Wilders from the right-wing Freedom Party (PVV). And while Twitter notes that no other politicians' private messages were compromised in the incident (which also saw the accounts of Barack Obama and Joe Biden hacked), the new detail underlines the depth of the attack and the potential damage that it could have caused, and still may cause if, for example, confidential information gleaned by the attackers ends up being made public.
Of course, we don't know what's been shared by these users via their Twitter profiles, but given the way Twitter is now used by several world leaders in connecting with their constituents, it's highly possible that sensitive information has been shared via DM. And we don't know, for sure, what level of detail the hackers gleaned from each of the other 130 accounts - and while, in this case, it does appear that the hackers were more opportunistic than malicious, a larger question to ask is 'what if they hadn't been?'
We've already seen Russian-based groups seek to influence foreign elections. Don't think that they won't be monitoring this incident with raised eyebrows, as they assess their options heading towards the US Presidential Election.
The flaw, in this case, appears to have been human error, with a Twitter employee, or employees, reportedly posting access information in a private chat, which was then accessed by the hackers. In that sense, there will always be a level of vulnerability in all security systems, but the damage caused by such a vulnerability could be significant.
What if, in the closing days of the campaign, a Presidential candidate's account is hacked, and he/she tweets out a highly controversial message? The candidate could then, of course, say that they were hacked, but there would still be a percentage of people who wouldn't believe that explanation, and that could subsequently impact how they vote.
It may seem hyperbolic to suggest such major impacts based on tweets, but the platform is now key to how people connect, and how politicians communicate.
Indeed, a recent Pew Research study found that:
"Compared with a similar time period in 2016, the typical member of Congress now tweets nearly twice as often (81% more), has nearly three times as many followers and receives more than six times as many retweets on their average post."
In the four years since President Trump praised social media for helping him win the US presidency, the usage of social platforms has taken on new significance among politicians.
That's why this hack is so significant. And while the initial concern has died down, given that it was seemingly not linked to a more sophisticated, otherwise motivated hacker network, it should remain a major point of focus.
UPDATE (7/24): Two former Twitter employees have claimed that over a thousand of the company's employees and contractors had access to internal tools that could change user account settings and grant account control to others. It seems likely that there'll be a lot more to come on this incident.