Twitter hackers accessed DMs of dozens of high-profile accounts

On July 15, the Twitter accounts of several notable personalities "shared" a Bitcoin scheme to double up the money of their followers.

Subsequently, the service confirmed that these accounts were taken over by fraudsters who carried out a massive coordinated hack to promote a Bitcoin scam aimed at luring people into giving away their money.

In a matter of minutes, Twitter locked the compromised accounts and disabled the functions to tweet or change passwords to prevent the scam from growing bigger, affecting more accounts.

Hours later, the company acknowledged that the hack was carried out from its backend as the scammers were able to social-engineer a "small number of employees" and use their credentials to access Twitter's internal systems.

An investigation carried out by Twitter showed that the attackers targeted as many as 130 accounts through its internal tools and took over some 45 of them by initiating a password reset and then logging-in.

It noted that the attackers were not able to see the passwords for all targeted accounts, but they did get access to personal information like emails/numbers through the tools.

More worryingly, in its recent update, Twitter claimed that 36 of the affected accounts had their direct messages opened by the hackers.

The company did not say who these accounts belonged to, but it admitted that one of these was of an elected official in the Netherlands - Geert Wilders.

No other elected official had their DMs compromised, Twitter has emphasized.

In addition to this, Twitter said hackers downloaded activity data of up to eight accounts through its 'Your Twitter Data' tool.

It is not clear if they were a part of the 36 accounts that had their DMs directly accessed, but the microblogging service claimed that none of them were verified.

For all affected accounts, the company said it would communicate with the owners.

The Jack Dorsey-led company notes in a blog post that it will continue to investigate the incident and cooperate with relevant authorities while trying to boost its security to prevent such incidents in the future.

It also plans to start "additional company-wide training to guard against social engineering tactics to supplement the training employees receive during onboarding and ongoing phishing exercises throughout the year."