Last week’s hack of over 100 very high-profile Twitter accounts did in fact expose the direct messages of many of those accounts, the company admitted today — including those of an elected official in the Netherlands, Geert Wilders.
The attack saw numerous popular accounts of celebrities and politicians taken over and tweeting a very obvious Bitcoin scam that nevertheless seems to have netted at least six figures. Twitter said that a “coordinated social engineering attack” gave hackers “access to internal systems and tools.” Verified users were also briefly prevented from tweeting (a change some welcomed).
In tweets and an update to its blog post on the “security incident,” Twitter said that “for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox.” They are “actively working on communicating directly” with those accounts affected.
We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed.
— Support (@Support) July 22, 2020
Twitter had declined to say in the immediate aftermath of the attack whether DMs had been accessed by the hackers. Twitter’s messaging system is infamously not well encrypted but it was not clear whether the administrative tool reportedly used by the attackers offered access to inboxes.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch, and a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
Join 10k+ tech and VC leaders for growth and connections at Disrupt 2025
Netflix, Box, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, Vinod Khosla — just some of the 250+ heavy hitters leading 200+ sessions designed to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss a chance to learn from the top voices in tech. Grab your ticket before doors open to save up to $444.
A hacker used Twitter’s own ‘admin’ tool to spread cryptocurrency scam
Apparently whatever method was used, it gave access to DMs some of the time, or perhaps the hackers simply didn’t avail themselves of the opportunity for the remaining 94 accounts they took over. It’s not really clear from Twitter’s announcement. Twitter has previously said that it has “no evidence” that passwords were accessed by the hackers, and nothing in the update contradicts that.
The company attempted to place a silver lining on this cloud, saying it had “no indication that any other former or current elected official had their DMs accessed.” Considering the accounts of Barack Obama and Joe Biden were among those affected, that is technically good news.
This is almost certainly not the last we’ll hear from Twitter on this disturbing security breach.
