Twitter provides an overview of what it knows so far about Wednesday's hack: how it happened, what the attackers accessed, its actions, and the next steps
As we've been informing via the @TwitterSupport account, on Wednesday, July 15, 2020, we detected a security incident at Twitter and took immediate action.
Related Coverage
- Twitter says 130 accounts targeted, 45 compromised in security breach iMore · Stephen Warwick
- Twitter's Bitcoin hackers had almost limitless access Engadget · Violet Blue
- Crypto Twitter Hack Recap: A ‘Wake Up Call’ for Centralized Platforms Cointelegraph · Gareth Jenkinson
- Some accounts had private messages stolen in Twitter hack Digital Trends · Georgina Torbet
- Twitter says hackers downloaded data from up to 8 accounts CNET · Queenie Wong
- Twitter Says Several Employees Were Manipulated By Hackers Bloomberg · Sarah Frier
- Twitter says hackers downloaded private account data BBC
- Twitter Outlines Specific Detail of Recent Hack: 130 Accounts Impacted, Personal Information Compromised Social Media Today · Andrew Hutchinson
- Twitter Hack & Scam Security Boulevard · SecurityExpert
- Uh-oh: Twitter says hackers swiped personal data during the big verified user hack Mashable
- A prominent senator is calling out Twitter following its massive hack for not encrypting DMs … Business Insider · Tyler Sonnemaker
- High‑profile Twitter accounts hacked to promote Bitcoin scam WeLiveSecurity · Amer Owaida
- Twitter says hackers accessed personal data from 8 accounts in bitcoin scheme Axios · Ursula Perano
- How the massive Twitter hack may have happened CNN · Brian Fung
- Elliptic Identifies Likely Use Of Wasabi Wallet Service To Launder Twitter Hack Bitcoins elliptic.co · Dr. Tom Robinson
- Elon Musk Selling DOGE Gives Dogecoin Another Pump BitcoinExchangeGuide · AnTy
- The Morning After: The first side-mounted selfie camera Engadget
- NYT: ‘Hackers Tell the Story of the Twitter Attack From the Inside’ Daring Fireball · John Gruber
- The FTC may depose Facebook CEO Mark Zuckerberg (left) and his chief operating officer Sheryl Sandberg … Daily Mail · Ralph R. Ortega
- How the Twitter hack highlights the dangers of Slack Mashable · Jack Morse
- Go read The New York Times' incredible account of how the Twitter attack may have happened The Verge · Nick Statt
- Twitter Bans Crypto Addresses; BlockCrushr Accuses ConsenSys of Stealing Code; El Salvador Town Adopts Bitcoin CoinSpice · Linzerd
- Stolen Bitcoin from Twitter hack is already being laundered: report Decrypt · Guillermo Jimenez
- The FTC is reportedly considering deposing Mark Zuckerberg and Sheryl Sandberg in its antitrust … Business Insider · Rob Price
- Twitter Breach Could Have ‘Breathtaking Impact’ Newser · Rob Quinn
- Twitter Hacker Is Mixing Bitcoin Loot Using a Wasabi Wallet, Elliptic Says CoinDesk · Kevin Reynolds
- Twitter confirms ‘Bitcoin’ hackers copied the data of several accounts Engadget · Richard Lawler
- Twitter Hacking Exposes More Than One Company's Vulnerability Real Clear Politics · Kalev Leetaru
- Twitter hack: FBI investigates major Twitter attack BBC
- Twitter hack: 130 accounts targeted in attack BBC
- Twitter hack presages a bumpy election Axios
- Twitter Gives More Insight into Crypto Scam Involving 130 Hacked Accounts iPhone in Canada Blog
- Twitter Confirms 130 Accounts Were Hit in the Latest Hack Gizmodo · Shoshana Wodinsky
- In the wake of massive hack, Senator Wyden rebukes Twitter for lack of DM encryption Silicon Florist · Rick Turoczy
- Twitter Says 130 Accounts Targeted in Hack That Hijacked Feeds of Kanye, Biden, Obama, Bezos and Others Variety · Todd Spangler
- Government Agencies Are Now on the Bitcoin Trail to Identify Twitter Hackers BitcoinExchangeGuide · AnTy
- Twitter's clumsy response to hack raises questions about Jack Dorsey's role CNET · Richard Nieva
- Twitter Says Hackers Targeted 130 Accounts in Recent Attack SecurityWeek · Ionut Arghire
- Twitter says about 130 accounts were targeted in cyber attack this week Reuters · Shubham Kalia
- Approx. 130 Accounts Targeted in Twitter Hack, FBI Takes Over Case Cryptonews · Fredrik Vold
- 11,027 media layoffs so far this year The Media Nut · Josh Sternberg
- What the Twitter Hack Revealed: An Election System Teeming With Risks New York Times
- Twitter Hacked in Bitcoin Scam blog.trendmicro.com · Mark Nunnikhoven
- Twitter Says Hackers Downloaded Some Users' Personal Data in Recent Attack Wall Street Journal · Euirim Choi
- Twitter testing support for customizable app icons on iOS, new splash screen design 9to5Mac · Chance Miller
- Twitter Hack Compromises Verified Accounts & This Week's Digital Marketing News [PODCAST] Search Engine Journal · Christine Zirnheld
- Twitter says 130 accounts were targeted in massive Bitcoin hack Digital Trends · Trevor Mogg
- After This Week's Hack, It Is Past Time for Twitter to End-to-End Encrypt Direct Messages Electronic Frontier Foundation
- The Problem With Banning TikTok OneZero · Will Oremus
- Q&A with Facebook's chief diversity officer Maxine Williams, who discusses Facebook's latest diversity report and says it is going to hire a VP of civil rights The Verge · Casey Newton
- Twitter Restricts Sharing of Bitcoin (BTC) and Crypto Wallet Addresses After Wide-Scale Hack The Daily Hodl
- Twitter says attackers downloaded data from up to eight non-verified accounts The Irish Times
- Security News This Week: Who Pulled Off the Twitter Hack? Wired · Brian Barrett
- The Twitter Hacks Have to Stop The Atlantic · Bruce Schneier
- Twitter: ‘An Update on Our Security Incident’ Daring Fireball · John Gruber
- Twitter Attack Was Work of Young Hacker Pals: NYT SecurityWeek
- The importance of the Twitter hack should not be missed TechnoLlama · Andres Guadamuz
- Twitter Struggles to Unpack a Hack Within Its Walls New York Times
- Hackers Convinced Twitter Employee to Help Them Hijack Accounts Michael Tsai
- Twitter automatically flags more than half of all tweets that violate its rules Fast Company · Steven Melendez
- Report: Twitter hackers were amateurs, not state-backed Axios · Kyle Daly
- SPACs as a Call Option on Hype The Diff · Byrne Hobart
- Before hack tore through Twitter, online forum offered accounts for sale Reuters
- Twitter's hack reveals glaring security concerns around DMs The Daily Dot · Andrew Wyrich
- 21-Year-Old Linked to Massive Twitter Hack Newser · John Johnson
- Twitter Hack Update: What We Know (and What We Don't) Threatpost · Tara Seals
- Twitter Hack Draws Reactions from Congress and the FBI InsideBitcoins.com · Jimmy Aki
- Senator asks Twitter about claim worker was paid to help with hack Reuters · Diane Bartz
- Twitter is Dead to Me - What Really Happened This Week Security Boulevard · Richi Jennings
- 6 times Twitter's security was breached Decrypt · Tom Wiggins
- Wednesday's Hack Shows that The Whole World Is in Your Twitter DMs Nextgov · Patrick Tucker
- Why Twitter is a prime target for hackers CNN
- Twitter Hack - Security Researcher Points to Notorious Sim Swap Fraudsters Crowdfund Insider · JD Alois
- Twitter Releases New Details About Recent Hack of High-Profile Accounts Security Boulevard · Filip Truta
- Xbox gets closer to Netflix for gaming with xCloud joining Game Pass, and more Android Authority · Tristan Rayner
- Twitter hack fallout: Investigators on trail of cyber criminals ComputerWeekly.com · Alex Scroxton
- The FBI Is Investigating the Twitter Attack That Hijacked Accounts to Promote a BTC Scam CryptoGlobe · Francisco Memoria
- Twitter hack is another wake-up call about security ahead of the election CNET
- A hacker forum obsessed with super-short ‘OG’ … Business Insider
- Is this the hacker behind the huge Twitter breach? The Daily Dot · Mikael Thalen
- Twitter hack: Suspect identified; why Trump's account wasn't hacked; more 9to5Mac · Ben Lovejoy
- Twitter Hack Of Kardashian, Obama And 130+ Other A-Listers Invites FBI Probe PYMNTS.com
- The Morning After: Sub-$700 gaming laptops and a $10,000 12K camera Engadget
- Twitter hack exploded the popularity of Bitcoin on social media CryptoSlate · Priyeshu Garg
- What really happened with the Twitter hack? The 6 biggest theories CyberNews · Bernard Meyer
- Twitter Hackers Gained Access to Accounts Using Internal Tool MacRumors · Tim Hardwick
- Twitter Hackers who Targeted High-Profile Accounts Received $121,000 in Bitcoin Coinspeaker · Daria Rud
- Twitter Says Hackers Targeted Just 130 People in Cyber-Attack Bloomberg · Kurt Wagner
- Twitter's massive hack could be even worse than it seems CNN · Brian Fung
- 130 Twitter accounts were targeted by hackers in the grand Bitcoin scam The Next Web · Ivan Mehta
- 130 high-profile Twitter accounts targeted in hacking attack The Guardian · Alex Hern
- FBI joins Twitter hacker hunt after prominent accounts hijacked Al Jazeera
- Following the Twitter attack, Google says it temporarily prevented Twitter carousel boxes from displaying in Search results Search Engine Land · Barry Schwartz
- Twitter hack exposes a huge new internal Security hole It's a Gadget · Andrei C.
- Twitter blames social engineering for hack as a possible suspect is named SiliconANGLE · Duncan Riley
- Who's Behind Wednesday's Epic Twitter Hack? Slashdot · BeauHD
- Twitter hack reportedly originated with posts on a gray market forum Engadget · Karissa Bell
- The Twitter attack may have been executed by a 21-year-old SIM swapper, researcher says Input · Tom Maxwell
Discussion
-
@twittersupport
@twittersupport
on x
There is a lot of speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts.
-
@bzamayo
Benjamin Mayo
on x
This is like Twitter Cluedo https://twitter.com/...
-
@twittersupport
@twittersupport
on x
We're sharing a blog post that collects the latest on our investigation. It reiterates what we've already shared here, and includes a few new findings. https://blog.twitter.com/...
-
@kateconger
Kate Conger
on x
Update from Twitter: Attackers could tweet from 45 of the 130 accounts they targeted. For 8 accounts, they downloaded full archive data. https://blog.twitter.com/...
-
@briankrebs
@briankrebs
on x
Twitter w/ more info on hack. A “small #” of employees “manipulated.” 130 accounts targeted, succeeded in tweeting from 45 of them & may have been able to view additional info (read: DMs). On 8 accounts, d/l'd account history using Your Twitter Data tool. https://blog.twitter.com…
-
@djlavoie
Dan Lavoie
on x
This doesn't feel like some ham-handed Bitcoin scam for a couple hundred thousand dollars. https://twitter.com/...
-
@edzitron
Ed Zitron
on x
The hell dude has been compromised https://twitter.com/...
-
@firstadopter
Tae Kim
on x
45 accounts were password reset and then logged in to send tweets, which also means they had full control and access to the account including DMs, no? https://blog.twitter.com/... https://twitter.com/...
-
@kantrowitz
Alex Kantrowitz
on x
The one who uses their account at volume is Elon. Can't imagine Obama spending his days sliding into DMs — though you never know. Bezos, fwiw, already has experience with his messages getting hacked. https://blog.twitter.com/...
-
@malwaretechblog
@malwaretechblog
on x
Anyone happen to be or know any of the 8 accounts who were notified by Twitter that their data was stolen? https://twitter.com/...
-
@ourielohayon
Ouriel Ohayon
on x
In under one year. 1. An employee leaving deleted briefly the twitter account of Donald trump. 2. Jack was sim jacked by social engineering 3. Mass twitter hack via internal manipulation Time to invest massively in internal opsec Twitter. https://twitter.com/...
-
@scottmstedman
Scott Stedman
on x
For these 8 accounts, it is the worst case scenario. Private data accessed and downloaded. Likely no way to get it back. https://twitter.com/...
-
@oneunderscore__
Ben Collins
on x
Hopeful, if weird, update. https://twitter.com/...
-
@atrupar
Aaron Rupar
on x
This seems to rule out that Biden and Obama were among accounts whose data was exfiltrated, however https://twitter.com/...
-
@kayvz
Kayvon Beykpour
on x
We just published the latest accounting of what we know about Wednesday's security incident in a blog post. Will continue sharing updates publicly as we learn more https://twitter.com/...
-
@ruskin147
Rory Cellan-Jones
on x
“An update on our security incident.” Most striking line “For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account's information through our “Your Twitter Data” tool.” https://blog.twitter.com/...
-
@staska
Stasys Bielinis
on x
Damn - looking at this + NYT : https://www.techmeme.com/... All those randomly numbered APTs funded by millions of Nation States $$ must feel hugely embarrassed how script kiddies beat them to this Or crazy angry the cool scheme they had to read #Trump DMs just got exposed
-
@rmac18
@rmac18
on x
Twitter now confirming multiple employees were socially engineered by hackers. Still no confirmation that anyone was bribed, as previously reported. 45 accounts out of 130 accessed had passwords reset. Up to 8 had data downloaded. https://blog.twitter.com/... https://twitter.co…
-
@tsunamino
Danielle Leong
on x
This is actually a fairly normal support tool and often how support is able to diagnose problems. It's typically auditable and go through multiple layers of access checks. If anything, this shows you should always invest in internal tools for support https://twitter.com/...
-
@dnvolz
Dustin Volz
on x
New: FBI is probing the Twitter hack, people familiar with the investigation said, amid growing concerns vulnerabilities within the company's systems could pose broader risks to international security. Senate Intel has also asked Twitter for a briefing. https://www.wsj.com/...
-
@magmill95
Maggie Miller
on x
Reuters is reporting that the FBI is leading an investigation into the Twitter hacking incident last night, while New York Gov. Cuomo just separately directed the state to look into the incident: https://www.reuters.com/...
-
@kateconger
Kate Conger
on x
Here's what we know: Someone going by the name Kirk got access to Twitter's internal dashboard. He claimed to be a Twitter employee, but later claimed he hacked into Twitter's Slack channel and found login credentials pinned there.
-
@tomwarren
Tom Warren
on x
the Twitter hacker reportedly got access to Twitter's admin panel by finding login credentials pinned inside a Twitter Slack channel. If that's true then holy shit. https://www.nytimes.com/... https://twitter.com/...
-
@kateconger
Kate Conger
on x
Hackers involved in the Twitter breach said it started as a quest for cool usernames. Then one member of the group began going after cryptocurrency companies, Jeff Bezos, and Kanye West. w/@nathanielpopper https://www.nytimes.com/...
-
@kahjahkins
Kahlief Adams
on x
If true, i'm not sure why that is surprising. Anyone who's ever worked in IT know that all of our system for the most part are still run by humans. Humans do stuff like this ALL THE TIME lol https://twitter.com/...
-
@karaswisher
Kara Swisher
on x
Btw this is a great thread if you want to learn a thing or two about security. In this case, bad security 👇 https://twitter.com/...
-
@ericajoy
Erica Joy
on x
1) who is sharing creds in SLACK?! i cannot. i was giving twitter a lot of leeway, the pwn comes for us all in the end, but this? this is too much. 2) why did “kirk” appear for this hack then disappear right after? (who is he?) 3) how did “kirk” get access to the twitter slack? h…
-
@modestproposal1
Modest Proposal
on x
Real talk: if you gain control of the most important accounts in the world and only make $113K you should be arrested for being the most incompetent crook of all time. “Here's the key to bank vault. Take whatever” “No thanks, give us those pens, the coffeemate and 3 notepads” htt…
-
@chuckrossdc
Chuck Ross
on x
Slack is a bigger security threat for organizations than anything https://www.nytimes.com/... https://twitter.com/...
-
@racheltobac
Rachel Tobac
on x
Really interested to learn more in the weeds details of how attackers gained access to Twitter's admin panel. Here a hacker claimed they worked for Twitter but later switched their story and said they hacked into Twitter's Slack to get the creds and admin panel access. We'll see!…
-
@haseeb
Haseeb Awan
on x
Here is what happened as per my info. Hacker met a twitter employee on discord gaming channel and befriended him who sold him his login for 2000. Hacker then replaced emails through this tool & removed 2FA. Rest you guys know ! https://twitter.com/...
-
@karissabe
Karissa Bell
on x
Twitter keeping login credentials for this pinned to a slack channel is .. almost worse than the rogue employee scenario? Why would they not *at the very least* use a password manager?! https://twitter.com/...
-
@brendandburns
@brendandburns
on x
“Mr. O'Connor said other hackers had informed him that Kirk got access to the Twitter credentials when he found a way into Twitter's internal Slack messaging channel and saw them posted there” Production creds in Slack is a scary (but very real) thing https://www.nytimes.com/...
-
@mikefarb1
MikeFarb
on x
Exactly. Far greater chance Bitcoin was the cover. If they were able to post on multiple accounts timelines they were in the account. DM's sitting right there. https://twitter.com/...
-
@spyblog
@spyblog
on x
Is #STFU no longer part of #hacker #OPSEC ?? Keeping chat log files & talking to the press = prosecution & extradition, if they are lucky. Worse if they accessed sensitive DMs of billionaires “Hackers Tell the Story of the Twitter Attack From the Inside” https://www.nytimes.com/.…
-
@davidclinchnews
David Clinch
on x
First rule of sourcing information from anonymous self-proclaimed hackers: don't believe a word anonymous self-proclaimed hackers tell you...without receipts-Kate has the receipts still need to take some of what “Kirk” purportedly said about how he gained access with bags of salt…
-
@iblametom
Thomas Brewster
on x
Nice scoop - even if it isn't the most exciting narrative behind such a huge hack. If you're at Twitter security this has to be galling that kids/young adults chatting shit with each other on Discord caused such a huge event. https://twitter.com/...
-
@fbihop
Matthew Reichbach
on x
Started as “hey, we should take over and sell these one-character name accounts” and ended up with “let's scam bitcoin by using accounts of celebrities and other powerful people!”
-
@scottmstedman
Scott Stedman
on x
We live in the dumbest timeline. “the attack was not the work of a nation-state or a sophisticated group of hackers. Instead, it was done by a group of young people — one of whom says he lives at home with his mother” https://www.nytimes.com/...
-
@alexstamos
Alex Stamos
on x
If true, this is no bueno. Enterprises usually have three sources of authentication for employees/contractors: 1) Credentials 2) MFA token (hard or soft) 3) A provisioned corporate device You should have all three to access user data or account controls, not just #1. https://twit…
-
@yburyug
@yburyug
on x
on why they went crypto scam and not diplomatic market manipulation via compromised accounts, it's cuz it was a young kid whose like 20 and another bored older script kiddy and pry just lacked the cleverness & were dumb enough to talk to the times about it https://www.nytimes.com…
-
@quantian1
Quantian
on x
@modestproposal1 I am skeptical about this. There's almost certainly nothing of value in the DMs for blackmail, and if you tried to do a public stock pump the SEC could investigate/stop wires. Maybe you could try and mess with FX and use some shady Caymans broker and lots of leve…
-
@jacobrubashkin
Jacob Rubashkin
on x
The Times talked to four people they say were behind the Great Twitter Hack of July 2020: a bunch of 20-somethings who planned the attack on Discord and then got nervous when one person went rogue and took over high-profile accounts. https://www.nytimes.com/...
-
@tomrobin
Tom Robinson
on x
The #TwitterHack bitcoins have just started to move again - some being sent to ChipMixer Simultaneous movement of funds from two wallets that have received the hacker's bitcoins suggests they're still under the control of one person @elliptic #twitterscam #twitterhacked
-
@sdkstl
Staci D Kramer
on x
>>The hacker who received the message, using the screen name “lol,” decided over the next 24 hours that Kirk did not actually work for Twitter because he was too willing to damage the company.<< https://www.nytimes.com/...
-
@sanjaykalra
@sanjaykalra
on x
This #cyberattack is most disturbing not because it was sophisticated or well coordinated by powerful actors, but the opposite - cheaply done by amateurs. Wake up call for all Internet companies to improve defenses-technologically, people & process-wise. https://www.nytimes.com/.…
-
@davidjoachim
David S. Joachim
on x
Twitter hack: “4 people at the center of the scheme spoke with The Times and shared numerous logs and screen shots of the conversations they had on Tuesday and Wednesday, demonstrating their involvement both before and after the hack became public https://www.nytimes.com/... http…
-
@dave1agar
Dave Agar
on x
“it was done by a group of young people — one of whom says he lives at home with his mother — who got to know one another because of their obsession with owning early or unusual screen names, particularly one letter or number” https://www.nytimes.com/...
-
@juliacarriew
Julia Carrie Wong
on x
i don't usually cover cybersecurity and everything about this story is freaking me out would really really really love to see twitter get cracking on e2ee for dms and slack get moving on it too https://www.nytimes.com/...
-
@kateconger
Kate Conger
on x
When he woke up, Kirk was gone. He'd made off with about $180,000 in bitcoin. Here's our updated story with all the details: https://www.nytimes.com/...
-
@tomwarren
Tom Warren
on x
I love that the New York Times interviewed someone named “lol” and another called “ever so anxious,” on Discord, about the Twitter hack https://www.nytimes.com/...
-
@histoftech
Mar Hicks
on x
ok so twitter did the 2020 equivalent of leaving a post-it note on the monitor cool cool cool https://twitter.com/...
-
@rdrv3
@rdrv3
on x
Don't know if I buy Twitter's account of this being social engineering. Did a contractor or someone's kid get access to something they shouldn't have? I am starting to think this will be revealed as far more embarrassing for Twitter than anyone could have originally imagined.
-
@firstadopter
Tae Kim
on x
Twitter: “We detected what we believe to be a coordinated social engineering attack.” NYTimes: “done by a group of young people — one of whom says he lives at home with his mother ... 19 and lived in the south of England with his mother.” https://www.nytimes.com/...
-
@martinsfp
Martin Sfp Bryant
on x
“The [Twitter hack] was done by a group of young people — one of whom says he lives at home with his mother — who got to know one another because of their obsession with owning early or unusual screen names” https://www.nytimes.com/...
-
@golovashkina
Anastasia Golovashkina
on x
Remember LulzSec in 2011? Reminds me of that. https://www.nytimes.com/...
-
@kateconger
Kate Conger
on x
Funnily enough, some of his middlemen claimed to be asleep when all this action was taking place! One of them provided screenshots of texts with his girlfriend, saying he was going to take a nap, to corroborate his story.
-
@ampressman
Aaron Pressman
on x
Kids say the damnedest things - Instead, it was done by a group of young people — one of whom says he lives at home with his mother — who got to know one another because of their obsession with owning early or unusual screen names, particularly one letter or number, like @y or @6
-
@zackwhittaker
Zack Whittaker
on x
Can confirm much of this @kateconger and @nathanielpopper scoop, which adds more on the Twitter account hacks. Lines up with what I've been told by one well-placed source. https://www.nytimes.com/...
-
@scottmelker
@scottmelker
on x
I told you guys @haseeb was a genius. He figured out the entire hack and delivered the hackers directly to the New York Times. https://www.nytimes.com/...
-
@ericgeller
Eric Geller
on x
Per NYT, Twitter still doesn't actually know if the hackers got an employee's credentials by socially engineering them (as Twitter initially said) or bribing them (as @josephfcox later reported). https://www.nytimes.com/... https://twitter.com/...
-
@neerajka
Neeraj K. Agrawal
on x
Here's a timeline of the hack that shows it starting with cryptocurrency accounts and fanning out from there. It supports my “idiots running wild” theory https://www.theblockcrypto.com/ ... https://twitter.com/...
-
@jamesrbuk
James Ball
on x
The Twitter hack feels like someone breaking into a bank vault and then just using their WiFi to send 419 scam emails. Its potential vs what they seem to have got from it just do not align.
-
@ericajoy
Erica Joy
on x
friends, user impersonation tooling is not uncommon. it's often how support agents at tech companies troubleshoot accounts. https://twitter.com/...
-
@twittersupport
@twittersupport
on x
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
-
@ericgeller
Eric Geller
on x
Wow. Just seeing this. Twitter says it believes the hackers breached all those high-profile accounts by tricking company employees into handing over their passwords. An embarrassing revelation that raises questions about how highly privileged employees protect their accounts. htt…
-
@benlower
Ben Lower
on x
130? What a missed oppty. Should have been 140. https://www.cnbc.com/...
-
@tomgara
Tom Gara
on x
Huge validation here for the they're-mostly-just-idiots theory of history https://www.nytimes.com/... https://twitter.com/... https://twitter.com/...
-
@thehill
@thehill
on x
Twitter says 130 accounts targeted in this week's cyberattack https://hill.cm/dYK9wOu https://twitter.com/...
-
@bbcnews
@bbcnews
on x
Twitter says 130 accounts were targeted in a major cyber-attack of celebrity accounts two days ago https://www.bbc.com/...
-
@reuters
@reuters
on x
Twitter says about 130 accounts were targeted in a cyber attack this week. The company added that it was continuing to assess whether the attackers were able to access private data of the targeted accounts https://www.reuters.com/... https://twitter.com/...
-
@variety
@variety
on x
.@Twitter Says 130 Accounts Targeted in Hack That Hijacked Feeds of Kanye, Biden, Obama, Bezos and Others http://variety.com/...
-
@chrismessina
Chris Messina
on x
130 #BlueChecks were affected in the #twitterhack The source was the same OG Users forum that hacked my #IGChris account a couple years ago using a similar account reset email interception. https://www.theguardian.com/ ... https://twitter.com/...
-
@pinboard
@pinboard
on x
With the FBI poking around Twitter, it's a good time to remind people—don't have sensitive conversations in Twitter DMs. Move that stuff to Signal. You don't know who'll be in charge of Twitter five, ten, or twenty years from now. Remember the example of LiveJournal. https://twit…
-
@janaktvu
Jana Katsuyama
on x
Still waiting for answers from Twitter press team about the #twitterhacked investigation...How many accounts known to be compromised so far? When and how did Twitter become aware of this security breach? Will they be implementing any new safeguards? https://twitter.com/...
-
@alexhern
Alex Hern
on x
This is an absolutely hilarious response. “We won't tell you who it is, but it's not... you know ;)” https://twitter.com/...
-
@pakman
David Pakman
on x
Twitter can protect itself and its users from its own managerial failings by enabling long-promised end-to-end encryption for DMs. https://www.eff.org/...
-
@eff
@eff
on x
It's a no-brainer that Twitter should protect your direct messages, and they have been unencrypted for far too long. https://www.eff.org/...
-
@twittersupport
@twittersupport
on x
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
-
@somebadideas
Aaron Stewart-Ahn
on x
In this version it really does look like one of the hacks of the century was by a bunch of bros who wasted it all on clout & bitcoin https://twitter.com/...
-
@anthony
Anthony DeRosa
on x
Good technical analysis of the Twitter hack: It seems that attackers were able to use the portal access to update the email address on file for the account, revoke any 2FA settings, and then do a password reset to gain access to the account. https://medium.com/...
-
@eamonjavers
Eamon Javers
on x
The critical failure in the most damaging attacks against the United States has been of imagination. In '01 and '16, we didn't anticipate that airplanes could be suicide missiles, or Facebook posts could manipulate democracy. These were zero-day attacks of social engineering. htt…
-
@eamonjavers
Eamon Javers
on x
This is interesting disclosure from Twitter, because it implies that although the attackers had access to “internal systems and tools” they weren't able to get into every account they targeted. 2 Q's: who else were they after, and: Why couldn't they get in? https://twitter.com/..…
-
@donie
Donie O'Sullivan
on x
Here's what Twitter is saying: https://twitter.com/... https://twitter.com/...
-
@ericgeller
Eric Geller
on x
Every answer raises more questions. What does “in some way” mean? Were some accounts used for things other than tweeting the Bitcoin scam? I foresee more stern lawmaker letters. https://twitter.com/...
-
@vpkivimaki
Veli-Pekka Kivimäki
on x
You could be doing everything right, like have strong 2FA, but the threat could come from the inside. Not a good idea to have anything sensitive stored in your DMs or group chats. https://twitter.com/...
-
@campuscodi
Catalin Cimpanu
on x
More Twitter updates: Only 130 accounts were targeted in Wednesday's hack. https://twitter.com/...
-
@ronwyden
Ron Wyden
on x
In September of 2018, shortly before he testified before the Senate Intelligence Committee, I met privately with Twitter's CEO Jack Dorsey. During that conversation, Mr. Dorsey told me the company was working on end-to-end encrypted direct messages. https://twitter.com/...
-
@twittersupport
@twittersupport
on x
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
-
@donie
Donie O'Sullivan
on x
#BREAK Twitter says approx 130 accounts targeted as part of hack. That's a lot more than the compromised accounts we know about. https://twitter.com/...
-
@mikeisaac
Rat King
on x
twitter says roughly 130 user accounts targeted in Wednesday's hack — still no concrete word on DM's but you'd have to imagine if they had full acct access they had dm access. https://twitter.com/... https://twitter.com/...
-
@erikgroset
Erik Groset
on x
So there you have it, likely PlugWalkJoe behind the great Twitter hack of 2020. Not a state actor. If DM's are safe, remains to be seen. Guy clearly loves the spotlight and reselling things. https://twitter.com/...
-
@dcbyron
David Byron
on x
“While it may sound ridiculous that anyone would be fooled into sending bitcoin in response to these tweets, an analysis of the BTC wallet... shows that on July 15 the account processed 383 transactions and received almost 13 bitcoin on July 15 — or approximately USD $117,000.” h…
-
@derekdoestech
Derek B. Johnson
on x
Some interesting dot connecting, but curious what others think. A lot of it depends on the connections made through an anonymous mobile security industry source.
-
@envirosec
Guido
on x
Talked to Brian Krebs this afternoon about the link between the #twitterhack and the Dutch suspect. Looks like the original hacker had plans, but his friend, the Dutch ‘hacker’ KLITZ (who also defaced the account of politician @geertwilderspvv) came up with the BTC-scam plan. ht…
-
@taviso
Tavis Ormandy
on x
@colemankane @KarlShucks @dotMudge Ah, so all mitigations are really just as effective as any other, it's all the same? That's nonsense, some mitigations work and some are trash. SMS 2FA is trash, unique passwords actually work.
-
@starfire2258
Sean Hollister
on x
This is an interesting post. It also doxxes a real-life human being based on the word of a single unnamed source. That's extremely problematic. https://twitter.com/...
-
@katebevan
@katebevan
on x
My life's mission is to get people to stop using SMS for 2FA https://twitter.com/...
-
@karlbode
@karlbode
on x
So basically, the same SIM hijackers that have been bribing telecom employees for years bribed a Twitter employee to gain access to company internal tools that let them change account email addresses bypassing 2FA? https://www.vice.com/... https://twitter.com/...
-
@b52malmet
Barbara Malmet
on x
Exclusive: U.S. FBI is leading an inquiry into the Twitter hack, sources say- notable that Trump wasn't hacked. https://www.reuters.com/...
-
@twittersupport
@twittersupport
on x
[Thread] Twitter says a “coordinated social engineering attack” against employees with access to internal systems and tools allowed hackers to hijack accounts