New questions are being asked of Twitter’s cybersecurity posture after the social network revealed that hackers managed to access the DMs of 36 high-profile accounts in a recent breach, including one Dutch politician.
The firm revealed the news in an update to the incident this week.
The politician in question is believed to be far-right lawmaker Geert Wilders, leader of the Party for Freedom. However, Twitter claimed that: “To date, we have no indication that any other former or current elected official had their DMs accessed.”
Nevertheless, there will concerns among other high-profile names on the 130-strong list of breached accounts that their private messages were also accessed. These include Jeff Bezos, Bill Gates, Barack Obama, Joe Biden, Elon Musk, Michael Bloomberg, Warren Buffet and many others.
Oregon senator Ron Wyden, who sits on the influential Senate Select Committee on Intelligence, took to Twitter before the latest revelations to voice his displeasure at the incident.
“In September of 2018, shortly before he testified before the Senate Intelligence Committee, I met privately with Twitter's CEO Jack Dorsey. During that conversation, Mr Dorsey told me the company was working on end-to-end encrypted direct messages,” he explained.
“It’s been nearly two years since our meeting, and Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access.”
He added that if hackers were to access the DMs of some of the affected accounts “this breach could have a breathtaking impact for years to come.”
The breach first came to light last week after high-profile accounts began tweeting a cryptocurrency scam designed to trick followers into donating digital currency for a worthy cause.
It soon emerged that the attackers had accessed 130 business and individual accounts by socially engineering Twitter staff, which included “getting through our two-factor protections.”
There was more bad news for the social network this week after Reuters reported that over 1000 employees and contractors had access to the internal tools which could have enabled a similar incident.