Twitter believes the perpetrators of last week’s unprecedented attack on the company accessed the direct message (DM) inbox of an elected official in the Netherlands, the company said Wednesday evening. The revelation comes as part of the company’s ongoing investigation into last Thursday’s attack that allowed attackers to hijack the accounts of some of the service’s most high-profile users, including politicians Barack Obama and Joe Biden, to tweet a bitcoin scam.
In total, Twitter said it believes attackers accessed the DMs of up to 36 of the 130 targeted accounts, including that elected official. Twitter has “no indication” that other elected officials had their DMs accessed as part of the attack, however.
We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed.
— Twitter Support (@TwitterSupport) July 22, 2020
This wasn’t the first indication that DMs were a target for the attackers. They attempted to download the “Your Twitter Data” archive for up to 8 accounts — a collection of data that does includes DMs — Twitter said in a blog post on Friday. The company claims that none of those affected accounts were verified, however, which would seem to rule out politicians like Joe Biden having their DMs accessed in that particular way.
Twitter also said Friday that the attackers weren’t able to view previous account passwords of the 130 targeted accounts, though they had the potential to see personal information like email addresses and phone numbers.
For 45 of the targeted accounts, attackers were able to initiate a password reset, log in, and tweet, according to Twitter, allowing them to pose not just as Obama and Biden but also Tesla CEO Elon Musk, Microsoft co-founder Bill Gates, Kanye West, and others.