Twitter says an elected Dutch official was among 36 account holders whose direct message inboxes were accessed in a recent high-profile hack.
The politician, anti-Islam lawmaker Geert Wilders, said Thursday that he was informed by Twitter that his account was compromised by a hacker, who posted tweets on his account and sent false direct messages, or DMs, in his name.
The hacker ”indeed also got full access to my DM’s which of course is totally unacceptable in many ways,” Wilders said.
The social network revealed more details of the intrusion late Wednesday after completing a review of the 130 accounts that were targeted.
The U.S. tech company was embarrassed by last week’s hack, which compromised the accounts of some of its most high profile users, including world leaders, celebrities and tech moguls. The hack appeared designed to lure their Twitter followers into sending money to an anonymous Bitcoin account.
Of the 130 accounts, “36 is the number of accounts where the attacker took control of the account and viewed the DM inbox,” the company said.
“To date, we have no indication that any other former or current elected official had their DMs accessed,” the company said through its Twitter Support account
Wilders signaled that he got back control of his account on July 17, by tweeting “Back online!” with the hashtag #NoMoreHack.
Wilders said his inbox contained messages received during his decade using the social media platform from people critical of Islam or Middle East regimes, including from within countries like Iran, Saudi Arabia and Syria.
“I do hope they will not be in danger if their identity would be exposed because of this hack,” Wilders said. “I deleted most of them but maybe some were left there for the hacker to see and copy.” He added that he rarely wrote direct messages himself.
The company has previously said the incident was a “coordinated social engineering attack” that targeted some of its employees with access to internal systems and tools. They were then used to take control of many high-profile and verified accounts. The attackers were able to reset passwords for 45 accounts, and then login and tweet from them.
Twitter also confirmed that another eight accounts had their user data archive, including direct messages, downloaded through the “Your Twitter Data” tool, but none of those accounts were verified.
Related: Hackers Accessed, Downloaded Twitter User Data in Recent Attack
Related: Twitter Attack Was Work of Young Hacker Pals: NYT
Related: Industry Reactions to Twitter Hack: Feedback Friday
