
I think this assumes that only the obvious accounts were affected (basically any that sent out the tweet about the scam). It's quite possible many accounts were accessed more quietly.



If they were stealthily looking for dirt, why would they draw so much attention to the compromise? There’s no way Twitter wouldn’t examine all of the accessed accounts now and the “this process access” theory is both sketchy in general (Guccifer 2.0 publicized the idea of putting forgeries into a dump to make them seem legitimate) and wouldn’t apply in this case since these are different accounts.


I don't think there was a way to hide this from Twitter once it was executed, since each hacked account got a password reset email. Assuming that you can't hide it from Twitter, then it's a fine strategy to make sure that everyone, especially potential customers of the hacked DMs, knows that you hacked these accounts.


How does that fit with the theory I was responding to that they were stealthy with other accounts? It seems incongruous.


Some people are reporting that they got similar emails, even if they didn't tweet anything (example: https://twitter.com/BradyHaran/status/1283685874941808640).

The hackers may have saved the DMs from lots of accounts and only publicly used big accounts which don't have any DMs to publicize the hacks.


If you're looking for dirt, you want to be the only one with the dirt to maximize potential for selling or blackmailing with said dirt. If you've found an exploit and exfiltrated the dirt that you care about, you might want to ensure that the exploit gets patched to stop others from being able to gain access to the dirt.



