Twitter has confirmed that hackers downloaded data from as many as eight accounts involved in a July 15 hack attack.
"For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our 'Your Twitter Data' tool," the social media giant said.
"This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true."
By accessing the tool, attackers may have potentially accessed private direct messages, including photos and videos, as well as contacts that the Twitter app may have imported from users' smartphones.
For the 130 accounts targeted, attackers were able to view personal information, including email addresses and phone numbers, which are displayed to some support staff. Twitter said it is also possible that hackers were able to view some personal information of accounts that were taken over during the attack.
"Our forensic investigation of these activities is still ongoing," the company said.
The way attackers succeeded in breaking into the accounts is through a "social engineering scheme," Twitter said, which involved manipulating people into revealing confidential information. The credentials obtained were then used to access internal systems at Twitter, including overcoming two-factor identification protocols.
"For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send tweets," the company said, adding that in some cases, attackers may have tried to sell some usernames.
Twitter said it's still investigating the breach and working aggressively to secure its systems.
"We're embarrassed, we're disappointed, and more than anything, we're sorry," Twitter said in a statement July 17.
The FBI has launched its own probe of the incident.
“The FBI is investigating the incident involving several Twitter accounts belonging to high profile individuals that occurred on July 15, 2020. At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” said the FBI’s San Francisco division in a statement. “We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident.”
While Twitter has had security incidents in the past, the July 15 attacks were the most far-reaching and brazen.
In 2017, a rogue employee briefly deleted President Donald Trump’s account. Last year, a hacker gained access to Twitter CEO Jack Dorsey’s account and posted racist messages.