Twitter Posted an Update About their Security Incident

Twitter has posted an update on what it is calling its “security incident”. Not everything is being revealed right now, in order to protect the security of its efforts. Twitter said it will provide more details, where possible, in the future.

“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.”

For eight of the affected Twitter accounts, the attackers downloaded the account’s information through Twitter’s “Your Twitter Data” tool. The tool is meant to provide an account owner with a summary of their Twitter account details and activity.

Twitter states that the attackers did not see the private information of the majority of Twitter users. For the 130 accounts that were targeted, Twitter revealed:

  • Attackers were not able to view account passwords, as those are not stored in plain text or available through the tools used in the attack.
  • Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of Twitter’s internal support tools.
  • In cases where an account was taken over by the attacker, they may have been able to view additional information. Twitter’s forensic investigation of these activities is still ongoing.

Twitter is also aware that they need to “begin the long work of rebuilding trust with the people who use and depend on Twitter.” This is definitely something Twitter needs to worry about.

The accounts that got hacked belonged to current and former politicians, big-name brands, and celebrities. These are the people who have a huge number of followers, might be purchasing ads, and have a lot of influence. If that group now has concerns about Twitter’s security measures, they might leave the platform.