Twitter says private messages of 36 people accessed during major celebrity hack

Hackers who broke into celebrity Twitter accounts probably read the private messages of 36 accounts, the social media platform has said.

The announcement comes as the company continues its investigation into the effects of probably the site’s most high-profile cyberattack ever.

The hack saw criminals post messages about a bitcoin scam to the accounts of a variety of celebrities, encouraging their followers to send cryptocurrency to a specific address with the false promise of receiving more in return.

But experts noted that those behind the cyberattack probably had far more widespread access to those accounts, and that yet more information could have been stolen than it appeared.

One of the 36 accounts that had their direct messages read belonged to an elected official in the Netherlands, Twitter said, though there is nothing to indicate that any other elected officials’ conversations were accessed. The company did not otherwise indicate who the other 35 accounts may have belonged to.

Twitter previously said the attackers tweeted from 45 “verified” accounts, including those belonging to such well-known names as entrepreneurs Elon Musk and Bill Gates, and former vice president Joe Biden.

Asked if the 36 accounts where messages might have been read included any verified accounts, Twitter said it would not answer.

In general, someone with the ability to tweet from an account would also be able to read previously sent or received messages that had not been deleted.

That would make it likely that some of the most famous people in the world had private messages read by hackers still at large. The FBI is investigating the case from its San Francisco office.

Twitter previously said that the attackers downloaded mass data from eight accounts, none of them the verified accounts with blue checks that include famous people, officials and some in the media.

The downloading tool does not provide access to Twitter messages, a spokesperson said.

For accounts they won access to, the company said the hackers would have been able to see phone numbers and email addresses but not previous passwords.