Twitter hasn’t found evidence of passwords being compromised in Thursday’s hack. However, it has locked all accounts that attempted a password change in the last 30 days.
“We have no evidence that attackers accessed passwords. Currently, we don’t believe resetting your password is necessary,” the Twitter support account said.
However, Twitter also confirmed the company has locked any accounts that have attempted a password change in the past 30 days as a precautionary measure.
Out of an abundance of caution, and as part of our incident response yesterday to protect people’s security, we took the step to lock any accounts that had attempted to change the account’s password during the past 30 days.
— Twitter Support (@TwitterSupport) July 16, 2020
Twitter Support also stated not all locked accounts were hacked.
“If your account was locked, this does not necessarily mean we have evidence that the account was compromised or accessed,” Twitter Supper said.
“So far, we believe only a small subset of these locked accounts were compromised, but are still investigating and will inform those who were affected.”
If your account was locked, this does not necessarily mean we have evidence that the account was compromised or accessed. So far, we believe only a small subset of these locked accounts were compromised, but are still investigating and will inform those who were affected.
— Twitter Support (@TwitterSupport) July 16, 2020
Twitter has not provided a timeline regarding when these accounts will be unlocked.
We’ve been working around the clock and will continue to provide updates here.
— Twitter Support (@TwitterSupport) July 16, 2020
Twitter is hacked
This week hackers successfully took over a large number of high profile Twitter accounts. This included Elon Musk, Bill Gates and Barack Obama.
[related_content first=”1231390″]
The accounts proceeded to tweet a scam that asked people to send them bitcoin. The accounts said they would send double that amount back to the original user. This was followed by a link to a blockchain wallet.
Even Apple’s account was breached, making this its first ever tweet.
yep, this has to be a site-wide hack
no way they’re brute forcing their way into these accounts pic.twitter.com/ehcqKJo5Mk
— Quinn Nelson (@SnazzyQ) July 15, 2020
The issue was caught relatively quickly, but within a few hours around $169,000 worth of Bitcoin had passed into one of the advertised blockchain wallets. The vast majority of the bitcoin has now been funnelled out.
Twitter stopped all verified accounts from tweeting for about an hour on Thursday as it investigated the situation.
It might have been an inside job
Twitter has confirmed that internal tools were used in hack. Considering that so many high profile accounts were taken over and tweeted simultaneously, this isn’t exactly surprising.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the Twitter Support account said.
“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”
It’s unclear whether the tool also granted hackers access to DMs.
[related_content first=”1231551″]
Hackers allegedly connected to the incident have told Motherboard that Twitter employees willingly engaged in in the hack. One source even claimed that they paid employees for access.
According to Motherboard, Twitter said it is still investigating whether it was a social engineering attack or if some employees were willingly involved.
According to the Wall Street Journal the FBI has gotten involved due to national security concerns since Barack Obama and presidential candidate Joe Biden had their accounts hacks.
U.S. lawmakers are also said to be calling for transparency regarding how the attack occurred.