The attackers who compromised Twitter in a massive breach last week might have accessed direct messages from up to 36 accounts, including CoinDesk’s.
Twitter announced late Wednesday that it had completed its review of the 130 accounts targeted by the hack, which saw numerous verified accounts hijacked to post a link to a questionable website or directly shill a bitcoin giveaway scam.
“The most important question for people who use Twitter is likely — did the attackers see any of my private information? For the vast majority of people, we believe the answer is, no,” Wednesday’s update said, later adding:
CoinDesk was informed Wednesday that its primary Twitter account was one of the 36. As of this writing, CoinDesk has yet to regain access to its account.
The attackers were not able to see previous passwords, but were able to access email addresses, phone numbers and possible “additional information,” the update said.
“To date, we have no indication that any other former or current elected official had their DMs accessed,” Wednesday’s update said, likely referencing former U.S. President Barack Obama and former Vice President Joe Biden, both of whom saw their accounts compromised.
Wednesday’s update comes a week after the platform suffered one of the biggest attacks in its 14-year history. While the attack originally targeted crypto exchanges and startups, it quickly spread to other major accounts, including Elon Musk, Bill Gates, Warren Buffett, Apple, Uber and a number of others.
Twitter previously said the attackers downloaded account information from eight of the victims, none of whom were verified (like @CoinDesk and the majority of those affected).
The attackers made off with around $120,000 in bitcoin, which has since begun moving through privacy wallets and mixers.
The FBI and other agencies are currently investigating, and federal lawmakers are questioning Twitter’s security practices in the wake of the attack.