At this time, we believe attackers targeted certain Twitter
employees through a social engineering scheme. What does this
mean? In this context, social engineering is the intentional
manipulation of people into performing certain actions and
divulging confidential information.
The attackers successfully manipulated a small number of employees
and used their credentials to access Twitter’s internal systems,
including getting through our two-factor protections. As of now,
we know that they accessed tools only available to our internal
support teams to target 130 Twitter accounts. For 45 of those
accounts, the attackers were able to initiate a password reset,
login to the account, and send Tweets. We are continuing our
forensic review of all of the accounts to confirm all actions that
may have been taken. In addition, we believe they may have
attempted to sell some of the usernames.