Remember the epic Twitter hack earlier this month, when ne’er-do-wells seized control of the Twitter accounts of celebrities and business figures ranging from SpaceX CEO Elon Musk to Microsoft co-founder Bill Gates, musician Kanye West and presidential hopeful Joe Biden?
Details have slowly been dribbling out about how the hack occurred — and now, new disclosures from Twitter’s own investigation are starting to piece together a fuller picture of one of the most sweeping social media security breaches in history.
Twitter admitted today that the hackers gained access to the accounts by “spear phishing” a number of its employees — sending them messages, basically, that are designed to trick them into handing over their login credentials.
Once the hackers gained access, the company said, they accessed 130 Twitter accounts. They opened the direct messages of 36 of the accounts, downloaded the Twitter data from seven, and tweeted a bitcoin scam from 45 others.
There are two key takeaways from Twitter’s latest revelations about the hack.
The first is that a successful hack doesn’t need to be particularly sophisticated — in this case, one of the most prominent social media sites on Earth was defeated by its own employees opening bogus links on their phones.
The second is that unknown hackers likely now have access to the account data and direct messages of dozens of high-profile users, meaning it’s possible that the private communications of Musk, Gates or West are now floating around the web.
Musk, for one, doesn’t seem too concerned about his messages leaking online.
“I’m not that concerned about my DMs being made public,” he told the New York Times last week. “I mean, we can probably cherry pick some section of my DMs that sound bad out of context but overall my DMs mostly consist of swapping memes.”
READ MORE: Twitter hack: Staff tricked by phone spear-phishing scam [BBC]