Skip to main content

Go read The New York Times’ incredible account of how the Twitter attack may have happened

Go read The New York Times’ incredible account of how the Twitter attack may have happened


We’re starting to get an idea of how the legendary hack went down

Share this story

Illustration by Grayson Blackmon / The Verge

Reporters are starting to piece together the behind-the-scenes events of the unprecedented Twitter attack on Wednesday almost as fast as the official investigators themselves. And the clearest idea of what may have happened two days ago — when roughly 130 accounts were compromised using internal company tools — comes courtesy of The New York Times this afternoon.

Reporters Nathaniel Popper and Kate Conger tell the stories of four individuals involved in the hack and how exactly it spiraled out of control and resulted in the takeovers of some of the platforms most high-profile and sensitive accounts.

The Times’ report says the central hacker got access to Twitter systems via Slack messages

The Times report says the attack can be traced back to a group of hackers who congregate online at, a username-swapping community where people buy and sell coveted online handles, typically consisting of single letters or numbers. Two prominent users, which The Times identifies by the online monikers “lol” and ““ever so anxious,” came into contact with someone they’d never heard of before, who only identified themselves as “Kirk.”

This Kirk somehow had access to internal Twitter administrative tools, software so powerful it apparently could take control of almost any account, the report says. One of the most staggering details is how Kirk says he got the login credentials: by copying them from a message posted to an internal Twitter Slack channel, the two hackers tell The Times. It’s unclear at this time how Kirk allegedly got access to Twitter’s Slack, if that is indeed where he got the login info. Previous reporting from Motherboard said hackers may have gained access to the internal tool by bribing an existing employee, although it’s not clear what in this case is the truth.

The Times then paints a fascinating picture of how Kirk’s alleged access to Twitter systems snowballed, starting with Kirk’s takeover of short account names like @y and @6 and, over the course of many hours, turning into what became the most devastating hack Twitter has ever seen in its history.

The OGusers hackers spoke with The Times to clear their names and play down their involvement in the attack; they say Kirk was the mastermind who on his own decided to start targeting the accounts of individuals like Elon Musk and Joe Biden, and his identity and motivations remain unknown, the report says. It’s a truly astounding piece of reporting everyone should go read. And if it ultimately proves accurate once Twitter speaks more openly about the findings of investigation, it will undoubtedly have long-lasting effects on Twitter’s internal security and the way high-profile people and businesses use the platform.