Days after Twitter accounts of several billionaires were hacked to engineer a crypto scam, Twitter on Saturday said it is embarrassed, disappointed and, more than anything, sorry for what happened with some of its high-profile users as attackers successfully manipulated its employees and used their credentials to access internal systems, including getting through the two-factor protections.
In the first detailed summary of the "social engineering attack" via a crypto scam that hit at least 130 users this week, Twitter said for 45 of those accounts, the attackers were able to initiate a password reset, login to the account and send Tweets.
"We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames," the micro-blogging platform said in a statement.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account's information via "Your Twitter Data" tool.
This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity.
"We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts," said Twitter.
The company said the attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
"Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools," informed Twitter.
In cases where an account was taken over by the attacker, they may have been able to view additional information, Twitter added, saying its forensic investigation of these activities was still ongoing.
"We are actively working on communicating directly with the account-holders that were impacted".
The company said it will soon restore access for all account owners who may still be locked out as a result of the remediation efforts.
The New York Times reported on Friday that the Twitter crypto scam can be traced back to a group of hackers who congregate online at OGusers.com, a username-swapping community where people buy and sell coveted online handles.
The report said that the Twitter hack is not from Russian, Chinese or North Korean hackers but was done by a group of young people, "one of whom says he lives at home with his mother".