Fraud Management & Cybercrime , Fraud Risk Management , ID Fraud

Dutch Lawmaker's Twitter Account Among 36 With Data Exposed

Social Media Company Says Fraudsters Accessed Information on These Accounts
Dutch Lawmaker's Twitter Account Among 36 With Data Exposed
Geert Wilders, a member of the Dutch Parliament and leader of the Netherlands Party For Freedom, told Reuters his Twitter account was taken over. (Photo: Netherlands Party For Freedom Facebook page)

A Dutch lawmaker’s Twitter account is among 36 that had some personal data compromised earlier this month when hackers targeted 130 verified accounts and launched a cryptocurrency scam. The politician told Reuters that his direct messages were accessed.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

In a Wednesday update, Twitter reported that the hackers accessed the direct message inboxes of 36 accounts, enabling some information to be gathered. While Twitter did not release any of the names of the victims' names, Reuters reports that Geert Wilders, a member of Parliament and leader of the Netherlands Party For Freedom, was a victim. Wilders told Reuters his account takeover lasted several days and included full access to his direct messages.

"My Twitter account was not only hacked for some days and the hacker also posted tweets on my account and sent direct messages in my name, but indeed got full access to my DMs, which, of course, is unacceptable in many ways,” Wilders told Reuters.

Damage Assessment

Wilders appears to be the only politician to have had information in an account compromised. "To date, we have no indication that any other former or current elected official had their DMs accessed," Twitter says in its Wednesday update.

Twitter's Wednesday update notes that for 36 accounts, “attackers were able to view personal information, including email addresses and phone numbers, which are displayed to some users of our internal support tools. In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing."

For those victims who did not have personal data compromised, Twitter says the attackers were unable to view previous account passwords, because those are not stored in plain text or available through the tools used in the hack.

Twitter is continuing its investigation and communicating directly with the account holders involved, the company says.

How the Attack Succeeded

In the July 15 attack, "the attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections," according to Twitter.

For 45 of 130 accounts they targeted, "the attackers were able to initiate a password reset, login to the account and send tweets," the social media firm reports (see: 'Crypto' Scammers Weren't the First to Crack Twitter).

The victims included prominent business executives, politicians and celebrities, including presumptive Democratic presidential nominee Joe Biden, former President Barack Obama, Tesla CEO Elon Musk and Microsoft founder Bill Gates. The hackers who took over accounts launched a scam designed to trick the accounts' followers into sending $1,000 in bitcoin, promising they would then get back $2,000 (see: Several Prominent Twitter Accounts Hijacked in Cryptocurrency Scam).

"I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000," according to the fake message fraudsters posted on the verified Bill Gates Twitter account. The other well-known accounts posted similar messages (see: Twitter Hijackers Used Well-Honed Fraudster Playbook).

About 360 people sent a total of more than $120,000 to the hackers, according to news media reports.


About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.