A 22-year-old man was arrested in Spain on Wednesday in connection with the hack of more than 100 Twitter accounts last July, becoming the fourth person charged in the incident, which led to a temporary shutdown of the social media service.
The man, Joseph O’Connor, faces charges in the United States of hacking, extortion and cyberstalking in the Twitter breach and is accused in hacks of the TikTok account of the popular creator Addison Rae Easterling and the Snapchat account of the actor Bella Thorne, the Justice Department said.
The Twitter incident began when the hackers connected last year in an online forum focused on buying and selling rare user names, some of the individuals involved told The New York Times at that time. They then broke into Twitter’s systems by tricking employees into providing login information, according to legal filings. The hackers used an administrative tool to take over accounts belonging to political figures and celebrities, including former President Barack Obama, Kanye West and Elon Musk, using the accounts to conduct a Bitcoin scam, the filings said.
Graham Ivan Clark, an 18-year-old who prosecutors said was the “mastermind” of the Twitter hack, pleaded guilty to fraud charges in March in a Florida court and agreed to serve three years in juvenile prison. Two others, Mason Sheppard and Nima Fazeli, were arrested and accused of serving as middlemen for Mr. Clark to sell the Twitter accounts.
Mr. O’Connor was a well-known figure among hackers dealing in user names, going by the name “PlugWalkJoe.” According to chat logs that the hackers shared with The Times last July, Mr. O’Connor interacted with the group briefly, acquiring the Twitter handle @6.
At the time, Mr. O’Connor denied involvement in the Bitcoin scam. “I don’t care,” he said in an interview. “They can come arrest me. I would laugh at them. I haven’t done anything.”
According to an affidavit submitted by an agent with the Federal Bureau of Investigation who investigated the breach, Twitter’s logs showed that a Twitter account belonging to Mr. O’Connor had viewed several accounts, as though shopping, during the hack.
Ms. Thorne’s Snapchat account was compromised in June 2019, according to the affidavit. The hacker threatened to release nude photos found on the account unless Ms. Thorne posted a tweet thanking him for returning her account, the affidavit said.
Instead, Ms. Thorne posted the images on Twitter. “I feel gross, I feel watched, I feel someone has taken something from me,” she wrote in a statement accompanying the photos. “I can sleep tonight better knowing that I took my power back. U can’t control my life u never will.”
In June 2020, Mr. O’Connor made false police reports threatening violence at schools, restaurants, an airport and a residence in Southern California, the affidavit said. The threats were an attempt to cast scrutiny on a youth who lived in the area and had clashed with Mr. O’Connor online, the affidavit said. Mr. O’Connor also sent threatening messages and nude photos to the youth, the affidavit said.
In August, a month after the Twitter breach, hackers took over Ms. Easterling’s TikTok account, which had more than 55 million followers. In an apparent reference to Mr. O’Connor’s online moniker, her page was updated with the message “plugwalkjoe zak n crippin.”
The F.B.I. found that Ms. Easterling’s account was accessed during the hack by internet protocol addresses linked to Mr. O’Connor, the affidavit said. They also found screenshots of her account saved in Mr. O’Connor’s Snapchat, the affidavit said.
Twitter declined to comment. Representatives for Snap, TikTok, Ms. Thorne and Ms. Easterling did not immediately respond to requests for comment.
Mr. O’Connor, who is British, faces extradition to the United States and will face charges in Northern California. A lawyer for Mr. O’Connor could not be immediately identified.