A little more than an hour after the attack began, Twitter apparently moved to prevent holders of verified accounts from tweeting. Users reported that non-verified accounts could still tweet.
“You may be unable to Tweet or reset your password while we review and address this incident,” Twitter’s support account said.
Statements from Twitter
Twitter released a statement on its platform addressing the attack.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
In a blog post updated on July 22, Twitter explained that the perpetrators downloaded personal data from up to eight of 130 compromised accounts.
Twitter officials did not specify which accounts were affected, although they said that “none of the eight were verified accounts,” by which the company means none of them was the official account of a public figure.
Binance released its own statement addressing the incident, denying association with the hacker and offering assurances that the hacker’s wallet addresses have been blocked from depositing assets.
