by jgbond 2172 days ago
I’m guessing DMs were the real loot. The public display with the BTC diversion validates any DMs that were stolen. Otherwise blackmail targets could deny them.

These are publicly managed Twitter accounts, they probably don't have any DMs of substance.
I'll bet that Bill Gates doesn't have much on his Twitter, but I'll also bet Elon Musk has some crazy DMs.
Then again, the market for crazy is pretty saturated these days. Hard to see how to monetize it, at least in Musk's case.
DMing SEC
They potentially had access to any account they wanted. You don't know that they weren't snarfing DMs on interesting accounts while having the celeb accounts panhandle for bitcoin after.
Is Musk's account really publicly managed? He probably has an agency helping him but I doubt he'd use another account for DMs.
You'd be surprised. Some celebrities might engage in salacious activities via DM but even the most boring corporation can have lots of customer information in support chats.
I think that's the case. No prominent Republicans were targeted. See: Watergate, Wikileaks DNC emails. Same shit.
Or they were but it was kept secret. Twitter hasn't published a list, we only know of the BTC tweets. Maybe they actually were after other accounts' DMs and the tweets are just diversion to make it seem like an undirected attack.

Unless we hear from account holders that their credentials weren't stolen, there's no reason to believe that only those were hacked that sent tweets.

Except that is all the evidence we have to go on for this conversation. Verified fake tweets have been sent from prominent Democrats, and not from any prominent Republicans.

Of course you're right that we don't know if this is political, or just a distraction from whatever their real goal is / was. But the optics are clear here, and there is no reason to muddy the waters.

If DMs were the real loot, they wouldn’t have exposed the hack by tweeting on the account.
If DMs were the real loot, the tweets were a "proof of work" (to show the accounts had really been owned).

You can prove you have 'blackmail materials' just by proving you own the bitcoin wallet.

They needed to reset credentials so this could've never been a stealth attack. By making it public, any later leak of DMs is much more likely to be accepted as authentic. Without that, most people would've doubted the authenticity of leaked material.
Precisely. And who's to say which leaked DMs are real and which ones are faked? If you're interested in this kind of stuff, I recommend the book Active Measures.
Perhaps it is a form of proof that they actually have access to the accounts and thus the DMs. Just posting claimed DMs that can be deleted and denied has a lower probability of being believed.
Data theft like that is normally silently dumped after the breach occurs and anyone knows what happened.

This looks more like data injection somewhere. Perhaps an old API exploit. You used to be able to send an SMS to tweet, for example.

Kill 2 birds with one stone? Once you stole the data why not double-dip and make extra money by pulling a scam?
What does "DM" mean in that context?

(Went to Wikipedia, but their suggestions like Death Metal and Dance marathon are probably not it ;) https://en.wikipedia.org/wiki/DM )

Direct messages - so private messages to and from
Interesting theory, but then why would they include Apple? Among others in the list, they’re almost guaranteed to be of no value and only increase the risk.
Interesting theory, but this widespread hack pretty much gives most people plausible deniability in my opinion.
Blackmail targets could still deny them.