Three individuals have been charged in connection with the July 15 hack of Twitter Inc., including a 17-year-old male that authorities have arrested and accused of being the mastermind of the scheme.
Graham Ivan Clark, of Tampa, Fla., was arrested and charged as an adult on Friday in connection with the incident, during which several prominent accounts, including those of Joe Biden, Elon Musk and Apple Inc., were taken over to promote a cryptocurrency scam.
Mr. Clark faces 30 felony charges related to the hack, according to a statement from the office of Hillsborough State Attorney Andrew Warren.
Also charged were Mason Sheppard, 19, of the United Kingdom, and Nima Fazeli, 22, of Orlando, Fla., the U.S. Justice Department said. Both were charged by the Justice Department on Friday.
“We appreciate the swift actions of law enforcement in this investigation,” Twitter said Friday.
Messrs. Clark, Sheppard and Fazeli couldn’t immediately be reached for comment.
The hackers targeted 130 Twitter accounts. They tweeted from 45, accessed the messages sent via the platform of 36 users, and downloaded the Twitter data of seven customers, the San Francisco-based company had said Thursday.
The Florida authorities said cryptocurrency accounts linked to Mr. Clark reaped more than $100,000 from the scam.
The mechanics of the attack revived concerns about Twitter’s approach to data security. The midmonth incident was the third major security issue linked to insider access to Twitter systems since the company entered into a 2011 consent decree with the Federal Trade Commission over weaknesses in its security practices.
The attack played out over hours until Twitter was able to shut out the hackers. Some Twitter accounts that the company locked as a precaution as it tried to restore regular service remained suspended for days.
Twitter hasn’t explained exactly how the social-engineering attack worked, but it appears that the hackers were able to gain access to user-support software that Twitter uses to manage the process of resetting passwords on accounts.
The access to Twitter accounts was then sold to a range of people on an online forum called OGUsers, according to prosecutors.
After the incident, Republican Sen. Josh Hawley of Missouri wrote Twitter chief Jack Dorsey a letter asking for further information about the hack, including whether the company in the past had considered more stringent access control measures and, if so, why it had decided not to implement them.
Twitter on Thursday said it was accelerating efforts to boost its security and tools. “We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.”
Write to Robert McMillan at Robert.Mcmillan@wsj.com
Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8