US authorities have charged three individuals in connection with the July 15 Twitter hack that compromised 130 accounts, including those of famous figures such as Barack Obama, Bill Gates and Elon Musk.
One of the defendants, a 17-year-old, was dubbed the “mastermind” of the breach, by state prosecutors in Tampa, Florida. The other two, including a UK resident, were charged by federal prosecutors.
The high-profile breach of Twitter earlier this month involved the compromise of multiple accounts belonging to rich and powerful people. The accounts tweeted out messages asking their millions of followers to send bitcoin to an account, promising to the double their money.
According to Twitter, 36 out of the 130 accounts taken over during the hack had their private message inbox accessed. The attackers downloaded personal data, which could include phone numbers and email addresses, from seven of those accounts. They also raised more than $100,000.
“Today’s charging announcement demonstrates that the elation of nefarious hacking into a secure environment for fun or profit will be shortlived,” said David Anderson, the San Francisco US attorney.
The US Department of Justice named two of the defendants as Mason Sheppard, 19, of Bognor Regis in the UK, and Nima Fazeli, 22, of Orlando, Florida.
The third defendant was identified by Florida state prosecutors as 17-year-old Graham Ivan Clark of Tampa, Florida. Andrew Warren, the Hillsborough County state attorney, said Mr Clark had masterminded the hack.
Mr Warren’s office said it was prosecuting the case “because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate”.
Twitter said in a tweet: “We appreciate the swift actions of law enforcement in this investigation and will continue to co-operate as the case progresses.”
Late on Thursday, Twitter said that hackers had targeted “a small number of employees through a phone spear phishing attack” — meaning that the staff in question were carefully, rather than randomly, selected and then fooled into handing over access to internal systems.
A spokesperson would not comment on whether Twitter insiders could have also aided the attackers.