Twitter put out a blog post on Friday providing an update on the investigation into the hack that saw a number of high-profile accounts compromised earlier this week.
“At this time, we believe attackers targeted certain Twitter employees through a social engineering scheme,” the company wrote in its statement, explaining that the hackers were able to gain access to the accounts through Twitter’s “internal systems.”
The security breach took over the social media platform on Wednesday night as accounts with millions of followers — including those of Kanye West, Joe Biden and Elon Musk — were accessed by the hackers. As part of its immediate response to the incident, Twitter temporarily took the step of disabling the ability to tweet or change passwords for verified accounts.
In total, 130 accounts were targeted, with 45 accounts accessed by hackers to send tweets about a bitcoin scam. In “up to eight” cases — none of which were verified users, according to the company — hackers were able to access additional information.
“We are continuing our investigation of this incident, working with law enforcement, and determining longer-term actions we should take to improve the security of our systems,” the company’s statement said. “We have multiple teams working around the clock focused on this and on keeping the people who use Twitter safe and informed.”
A New York Times report on Friday suggested that the hack was the work of “a group of young people — one of whom says he lives at home with his mother — who got to know one another because of their obsession with owning early or unusual screen names, particularly one letter or number, like @y or @6.”
Multiple anonymous hackers told the Times that a hacker by the name of “Kirk” was able to gain access to Twitter’s internal systems to orchestrate the bitcoin scheme. According to the report, the targets were the so-called “O.G. account names,” which could be sold online.
Twitter said the “vast majority” of users’ personal information wasn’t compromised by the hack, though attackers were able to view some information, “including email addresses and phone numbers.” In the case of compromised accounts, attackers were able to view “additional information.”
“We’re acutely aware of our responsibilities to the people who use our service and to society more generally,” the statement read. “We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice. We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.”