In the latest cryptocurrency scam, hackers accessed direct messages for 36 Twitter accounts, including high-profile ones belonging to Uber, Bill Gates, Joe Biden and Barack Obama.
They were also able to download account data from eight accounts via ‘Your Twitter Data’.
According to Twitter, there are no signs that the private information of elected officials was compromised, and the same can be said for the vast majority of people who were targeted.
The company believes that the attack that took place last week was a coordinated social engineering campaign involving multiple employees.
The attackers were able to see phone numbers and email addresses not stored in plain text.
Investigators are trying to determine whether they were able to view additional information belonging to the account holders they targeted.
There is a great deal of speculation regarding who is behind the attacks, with some suspecting a coordinated nation-state attack.
Allison Nixon, chief research officer at Unit 221B, is highly confident that OGUsers, a fraud community, is to blame.
She claims to have been tracking the group for years.
Observing a pattern in which one-letter accounts were targeted, she immediately suspected that the group was up to something.
She said that in the early stages, they were taking over “cool names” belonging to the gaming community.
In 2016, the group migrated to crypto wallets and then to compromising celebrity Twitter accounts.
OGUsers is known for using insider recruitment methods that include spamming customer service representatives, calling employees for information-soliciting purposes, and even going as far as to socialise with them at real-life parties to lure them into their schemes.
When warnings started appearing in the OGUsers community about not selling one-letter accounts, she realised that she was onto something.
Ilia Kolochenko, CEO and founder at ImmuniWeb, believes that, given the number of accounts compromised, attributing the group’s success to mere social engineering is questionable.