Twitter says it has “no evidence” user passwords were accessed as part of yesterday’s massive attack targeting the company’s internal tools, but it is still working to restore access to locked accounts. The updates were shared as part of a series of tweets posted Thursday afternoon.
Yesterday, attackers hijacked the accounts of some of the most-followed people on Twitter, including President Barack Obama, Vice President Joe Biden, Elon Musk, Bill Gates, and Kanye West, to post bitcoin scams. The company made the decision to lock many accounts last night as a precaution to reduce further damage from the attacks, and it provided more detail about why accounts were locked in this afternoon’s tweets.
“Out of an abundance of caution, and as part of our incident response yesterday to protect people’s security, we took the step to lock any accounts that had attempted to change the account’s password during the past 30 days,” Twitter said. The company added that if an account was locked, that didn’t “necessarily mean” that the account was compromised, and it believes only a “small subset” of locked accounts actually were.
Twitter says it’s working “ASAP” to restore access, but the process may still take some time.
We’re working to help people regain access to their accounts ASAP if they were proactively locked. This may take additional time since we’re taking extra steps to confirm that we’re granting access to the rightful owner.
— Twitter Support (@TwitterSupport) July 16, 2020
Although Twitter says it doesn’t believe passwords were accessed, it remains unclear if the attackers were able to access direct messages.
In addition to locking some accounts, Twitter also completely disabled the ability of all verified accounts to tweet last night for a few hours following the hack, though verified accounts could still retweet existing tweets while the limits were in place.
We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.
— Twitter Support (@TwitterSupport) July 16, 2020
Last night, Twitter shared that its own internal tools were compromised in the attack. “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said in a tweet sent yesterday at 10:38PM ET. Two anonymous sources told Motherboard that a Twitter employee helped them take over accounts, with one saying they paid the employee for their help.