Twitter Locks Down Accounts With Recent Password Changes, Denies They Were Compromised


Twitter hasn’t found evidence of passwords being compromised in Thursday’s hack. However, it has locked all accounts that attempted a password change in the last 30 days.

“We have no evidence that attackers accessed passwords. Currently, we don’t believe resetting your password is necessary,” the Twitter support account said.

However, Twitter also confirmed that the company has locked any accounts that have attempted a password change in the past 30 days as a precautionary measure.

Twitter Support also stated not all locked accounts were hacked.

“If your account was locked, this does not necessarily mean we have evidence that the account was compromised or accessed,” Twitter Support said.

“So far, we believe only a small subset of these locked accounts were compromised, but are still investigating and will inform those who were affected.”

Twitter has not provided a timeline regarding when these accounts will be unlocked.

Twitter is hacked

This week hackers successfully took over a large number of high profile Twitter accounts. This included Elon Musk, Bill Gates and Barack Obama.

The accounts proceeded to tweet a scam that asked people to send them bitcoin. The accounts said they would send double that amount back to the original user. This was followed by a link to a blockchain wallet.


Even Apple’s account was breached, making the scam message its first ever tweet.

The issue was caught relatively quickly, but within a few hours around $169,000 worth of Bitcoin had passed into one of the advertised blockchain wallets. The vast majority of the bitcoin has now been funnelled out.

Twitter stopped all verified accounts from tweeting for about an hour on Thursday as it investigated the situation.

It might have been an inside job

Twitter has confirmed that internal tools were used in the hack. Considering that so many high profile accounts were taken over and tweeted simultaneously, this isn’t exactly surprising.

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the Twitter Support account said.

“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”

It’s unclear whether the tool also granted hackers access to DMs.

Hackers allegedly connected to the incident have told Motherboard that Twitter employees willingly engaged in the hack. One source even claimed that they paid employees for access.

According to Motherboard, Twitter said it is still investigating whether it was a social engineering attack or if some employees were willingly involved.

According to the Wall Street Journal, the FBI has gotten involved due to national security concerns, since Barack Obama and presidential candidate Joe Biden had their accounts hacked.

U.S. lawmakers are also said to be calling for transparency regarding how the attack occurred.