Twitter on Wednesday revealed hackers accessed the direct message inboxes of 36 high-profile accounts in an unprecedented security breach last week.
The microblogging service in a tweet said it believes DM inboxes of "up to 36" accounts were accessed, including one belonging to an unnamed elected official in the Netherlands. It was the first time a former or current elected official's DMs were accessed in a hack, the company said.
Twitter has not disclosed which accounts were impacted in the incident, nor has the company said whose DM inboxes were infiltrated. Account holders affected by the breach have been contacted.
In total, 130 accounts were targeted in the July 15 attack; a scam campaign designed to dupe users into handing over bitcoin. Followers of Apple, Elon Musk, Jeff Bezos and others ultimately handed over more than $100,000 to the as-yet-unidentified hacker or hackers. For Apple, the scam post will go down as its first and so far only tweet.
DM inbox access was a lingering question in the wake of last week's security snafu. Successful penetration of the messaging subsystem would not only grant hackers access to chat histories, but also the ability to directly communicate with a user's contacts under false pretenses.
As noted by previous reports and Twitter, a social engineering attack was employed to garner employee credentials, which were then used to access internal administration tools. With admin panel privileges the hackers were able to bypass two-factor authentication protections to change email and password credentials, granting full control over multiple accounts.
Twitter continues to investigate the security breach and has instituted new safeguards in a bid to thwart future attempts.