More information has emerged related to last week’s attack which saw a number of high profile Twitter accounts hijacked for the purposes of spreading a cryptocurrency scam.

Twitter has already said that 130 Twitter accounts were targeted by hackers, using tools that should only have been available to the site’s internal support team. Those tools allowed attackers to reset passwords, login to accounts, and send tweets like this sent from @BarackObama:

Other accounts which sent out similar tweets included ones belonging to presumptive US Presidential Candidate Joe Biden, Elon Musk, Amazon founder Jeff Bezos, Bill Gates, Kanye West, Uber, Coinbase, and Apple.

Followers of the accounts were told that all they had to do was send Bitcoins to a cryptocurrency wallet in order to have their funds doubled. Obviously, the offer was too good to be true, and over $100,000 is thought to have been sent to the scammers by unwary Twitter users.

As I wrote last week, affected Twitter users had more to worry about than just their accounts being exploited by criminals for the purposes of spreading a scam.

A bigger potential concern was that if someone had managed to gain access to a Twitter account then they would also be able to read private messages (known as direct messages or DMs in Twitter parlance) sent and received from those accounts.

Such information could – if it fell into the wrong hands – be potentially used to blackmail or apply pressure on someone who did not want their private communications to be made public.

Twitter has now said that it believes the attackers accessed the DM inbox of up to 36 of the targeted accounts.

In addition Twitter says that one of the 36 was an elected official in the Netherlands, but that it is not aware of any other former or current elected official having their DMs accessed.

Reading between the lines, it appears to me that Twitter is trying to reassure the media and US public that the direct messages of Barack Obama and Joe Biden were not compromised during the hack.

Twitter has also said that for eight of the targeted accounts, the hackers went a step further and downloaded all account information – through the “Your Twitter data” tool – that includes the email address associated with an account, phone numbers, birthday, profile location, login history, interests and Twitter ads data, list information, accounts you have muted or blocked, direct message archive, and other data.

In the wrong hands, such information could prove a treasure trove even more valuable than just a user’s direct messages.

Although Twitter is not making public who was affected by this deeper breach, it does say that none of the eight have verified accounts – ruling out the most notable victims of the hack.

But the one piece of additional information we do have is that an elected politician was targeted, and that they are based in the Netherlands.

Although Twitter is not making their identity public, it appears the Netherlands official is far-right politician Geert Wilders, leader of the PVV Party which has often found itself mired in controversy for its criticism of Islam and the European Union.

Last week, at about the time of the attack against others, Wilders’ Twitter account was hijacked and his avatar replaced with a cartoon. The attacker also changed his profile picture to that of a Moroccan flag.

A man claiming to be the hacker contacted a local radio station claiming to be responsible, linking the attack to the wider attack on high profile accounts, and saying that he had gained access to Wilders’ private messages on the site.

Wilders has since regained control of his Twitter account.

Speaking to the media, Wilders confirmed that the hacker ”indeed also got full access to my DM’s which of course is totally unacceptable in many ways.”

According to Wilder, his DM inbox contained messages he had received from people critical of Islamic and Middle Eastern regimes:

“I do hope they will not be in danger if their identity would be exposed because of this hack. I deleted most of them but maybe some were left there for the hacker to see and copy.”

The FBI is investigating who might be responsible for the Twitter hack. Twitter meanwhile says it continues to take steps to better safeguard against other attacks in the future.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.