Twitter said that hackers were successful in manipulating several of the social media company’s employees into handing over credentials for internal systems, sparking this week’s massive hack of many of the platform’s highest-profile accounts.
Twitter said in a blog post Saturday that hackers were able to gain access, change passwords and send tweets for 45 users and completely download data, including private messages, of eight users. The hack mostly targeted prominent profiles, like those of former President Obama and billionaire Warren Buffett, but no data was downloaded from verified accounts.
The platform also declined to reveal some details of the hack, noting the hackers may have tried to sell usernames or read private messages of any prominent users while logged into their accounts.
“There are some details — particularly around remediation — that we are not providing right now to protect the security of the effort,” the company said. “We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken.”
Moving forward, the tech company said it is still working to restore access to all accounts that may still be locked, further “[secure] our systems to prevent future attacks” and implement “company-wide training to guard against social engineering tactics to supplement the training employees receive during onboarding and ongoing phishing exercises throughout the year.”
“We’re acutely aware of our responsibilities to the people who use our service and to society more generally. We’re embarrassed, we’re disappointed, and more than anything, we’re sorry,” the company said. “We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice. We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.”
The breach first occurred Wednesday when hackers gained access to several notable accounts in what appeared to be a scheme to get people to transfer bitcoins to scam accounts. The FBI is currently investigating to try to identify the hackers.