Hackers involved in the high-profile hijacking of accounts earlier this week were young pals with no links to state or organized crime, The New York Times reported on July 17.
The attack, which Twitter and federal police are investigating, started with a playful message between hackers on the platform Discord, a chat service popular with gamers, according to the Times.
The paper said it had interviewed four people who participated in the , who shared logs and screenshots backing up their accounts of what happened.
"The interviews indicate that the attack was not the work of a single country like Russia or a sophisticated group of hackers," the Times reported.
"Instead, it was done by a group of young people - one of whom says he lives at home with his mother - who got to know one another because of their obsession with owning early or unusual screen names, particularly one letter or number, like @y or @6."
The massive hack of high-profile users from Elon Musk to Joe Biden has raised questions about Twitter’s security as it serves as a megaphone for politicians ahead of November’s election.
"Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident," Twitter said in a tweet.
"For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts."
Posts trying to dupe people into sending hackers the virtual currency bitcoin were tweeted by the official accounts of Apple, Uber, Kanye West, Bill Gates, Barack Obama and many others on Wednesday.
Twitter said it appeared to be a "coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools." Fraudulent posts, which were largely deleted, said people had 30 minutes to send $1,000 in cryptocurrency bitcoin, promising they would receive twice as much in return.
More than $100,000 worth of bitcoin was sent to email addresses mentioned in the tweets, according to Blockchain.com, which monitors crypto transactions.
The young hackers interviewed by the Times said a mysterious user who went by the name "Kirk" initiated the scheme with a message and was the one with access to Twitter accounts.
They contended they were only involved in commandeering lesser-known Twitter accounts, particularly to swipe coveted short handles such as an "@" sign and single letters or numbers that could easily be sold, according to the report.
The young hackers maintained they stopped serving as middlemen for "Kirk" when high-profile accounts became targets.
Some hackers are "obsessed" with hijacking "Original Gangster" social media accounts staked out in the services’ early days that have short profile names, according to Brian Krebs of Krebs on Security.
"Possession of these OG accounts confers a measure of status and perceived influence and wealth in SIM swapping circles, as such accounts can often fetch thousands of dollars when resold in the underground," Krebs said in a post. Hackers involved in the attack on Twitter advertised account names at an OGusers.com website, asking for payment in bitcoin, according to the Times report.