Breaking Popular Twitter accounts got hacked.

An update on our security incident

What happened

The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.
As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.

For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.

What the attackers accessed

The most important question for people who use Twitter is likely — did the attackers see any of my private information? For the vast majority of people, we believe the answer is, no. For the 130 accounts that were targeted, here is what we know as of today.
  • Attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
  • Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools.
  • In cases where an account was taken over by the attacker, they may have been able to view additional information. Our forensic investigation of these activities is still ongoing.

Our next steps

As we head into the weekend and next week, we are focused on these core objectives:
  1. Restoring access for all account owners who may still be locked out as a result of our remediation efforts.
  2. Continuing our investigation of the incident and our cooperation with law enforcement.
  3. Further securing our systems to prevent future attacks.
  4. Rolling out additional company-wide training to guard against social engineering tactics to supplement the training employees receive during onboarding and ongoing phishing exercises throughout the year.

An update on our security incident
 
The former employees familiar with Twitter security practices said that too many people could have done the same thing, more than 1,000 as of earlier in 2020, including some at contractors like Cognizant.

Twitter declined to comment on that figure and would not say whether the number declined before the hack or since. The company was looking for a new security head, working to better secure its systems and training employees on resisting tricks from outsiders, Twitter said. Cognizant did not respond to a request for comment.

Exclusive: More than 1,000 people at Twitter had ability to aid hack of accounts
 
Teenage Twitter hacker Graham Ivan Clark has pleaded guilty to last summer’s unprecedented bitcoin scam attack that involved the takeover of dozens of high-profile accounts on the social network, according to paperwork filed in Florida court on Tuesday. Clark, who was 17 when accused of leading the scam, will spend three years in prison as part of his plea deal. The Tampa Bay Times reported the news earlier today.

Clark has already been credited with 229 days of time served since his arrest last summer. As part of the deal, Clark is also being sentenced as a “youthful offender,” which lessened his prison time and also opens up the possibility that he can serve some of his sentence at a boot camp, according to the Tampa Bay Times. Clark will also be banned from using computers without permission and without supervision from law enforcement.

Teen ‘mastermind’ behind the great Twitter hack sentenced to three years in prison
 