Technology

Twitter says hackers viewed 36 accounts’ private messages

Twitter has revealed that hackers viewed private direct messages (DMs) from 36 of the accounts involved in last week’s hack.

It did not disclose who they belonged to beyond saying one was owned by an elected official in the Netherlands.

But the Dutch far-right politician Geert Wilders has told the BBC that this was a reference to his account.

Twitter has said that it does not believe any other former or current politicians had their DMs accessed.

It is not clear how many of the accounts overlap with the 45 that tweeted a Bitcoin scam.

Last week, Mr Wilders’ profile image was replaced with that of a cartoon of a black man, and his account’s background image was changed to that of the Moroccan flag.

Mr Wilders’ Freedom Party is the second biggest party in Netherland’s House of Representatives. In the last Dutch election it campaigned to ban Muslim immigration and shut mosques.

Geert Wilders
Mr Wilders told the BBC he had used Twitter’s direct message tool for about 10 years

“I was informed by Twitter last night… that my Twitter account was not only hacked for some days and the hacker also posted tweets on my account and sent DMs in my name, but indeed also got full access to my DMs, which of course is totally unacceptable in many ways,” Mr Wilders said.

“People critical of Islam or regimes in the Middle East [including those] from within countries like Iran, Saudi Arabia and Syria [have sent me DMs over 10 years] and I do hope they will not be in danger if their identity would be exposed because of this hack.

“I had deleted most of them but maybe some were left there for the hacker to see and copy.”

Twitter also commented further about the incident as it released its latest earnings.

“We’ve implemented safeguards to improve the security of our internal systems and are working with law enforcement as they conduct their investigations,” it said.

“We understand our responsibilities and are committed to earning the trust of all our stakeholders with our every action, including how we address the security issue.

“We will continue to be transparent in sharing our learnings and remediations.”

Calls to testify

On 16 July, the accounts of several high profile business leaders, celebrities and politicians accounts posted a bogus get-rich-quick scheme, including:

  • Amazon’s founder Jeff Bezos
  • Tesla’s chief Elon Musk
  • the rapper Kanye West
  • the reality-TV star Kim Kardashian West
  • former US President Barack Obama
  • the Democratic presidential candidate Joe Biden

It is believed victims sent about $120,000 (£93,600) in Bitcoin to the perpetrators, and the sum would have been larger if a crypto-currency exchange had not blocked further transfers.

Twitter has said a total of 130 accounts were targeted in the attack, which exposed personal information including email addresses and telephone numbers.

It previously revealed that eight non-verified accounts had all of their Twitter data downloaded, including DMs. The firm has not said if any of these coincide with the ones whose DM inboxes were looked at.

The US Senate Commerce Committee has demanded Twitter brief it about the wider incident by 23 July.

The senior Republican on the House of Representatives’ Judiciary committee has also called on its chair to ask Twitter’s chief executive Jack Dorsey to attend a separate hearing on Monday, at which Facebook, Apple, Google and Amazon’s chief executives are already scheduled to give testimony.

However, political watchers say it is unlikely that a formal invitation will be made as the focus of that event is anti-competitive behaviour, and Twitter is a much smaller company than the others.