Twitter has apologised to users and says it is “embarrassed” after the recent hack targeting verified accounts.
The company has also revealed personal information of some of the world’s wealthiest people was leaked during the attack.
A social engineering scheme targeting Twitter employees led to the likes of Elon Musk, Jeff Bezos, Bill Gates, Barack Obama and Kanye West having their Twitter accounts hijacked last week, the tech company says.
The hackers went after 130 verified Twitter accounts and gained access to 45, posting a double-your-money bitcoin con to their millions of followers, alongside a bitcoin wallet code for people to drop their digital currency into.
The wallet received more than $168,000 in donations within a matter of hours.
But an investigation has revealed hackers also had access to personal information contained within compromised accounts, the full extent of which is still unclear.
“Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools,” Twitter said in a statement over the weekend.
The company says it is liaising with affected users, but delivered a mea culpa of sorts, saying it is “embarrassed” and “disappointed”.
“We’re acutely aware of our responsibilities to the people who use our service and to society more generally,” the company said.
“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice.
“We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.”
The hackers manipulated a “small number” of the social media giant’s employees then used their credentials to gain access to internal tools typically only available to staff.
“In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information,” the company said.
When the hacked accounts began sending out Bitcoin codes, Twitter says it began revoking access manually, subsequently preventing users from changing their passwords and blocking verified “blue tick” users from sending tweets.
“We are continuing our investigation of this incident, working with law enforcement, and determining longer-term actions we should take to improve the security of our systems,” Twitter said.
“We have multiple teams working around the clock focused on this and on keeping the people who use Twitter safe and informed.”