Twitter hack: Compromised accounts will remain blocked until investigation completes, internal system access limited- Technology News, Firstpost

tech2 News StaffJul 16, 2020 10:24:56 IST

Late last night, Twitter accounts of some high-profile users like Kim Kardashian, Barack Obama, Elon Musk, Kanye West, Bill Gates, among others, were hacked to solicit digital currency.

Former US President Barack Obama. Image: Reuters

Minutes after the news of hijack broke, Twitter acknowledged the issue and the company CEO Jack Dorsey tweeted that the company was diagnosing the problem and pledged to share “everything we can when we have a more complete understanding of exactly what happened.”

Tough day for us at Twitter. We all feel terrible this happened.

We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.

💙 to our teammates working hard to make this right.

— jack (@jack) July 16, 2020

As promised Twitter has been sharing timely updates of the development into the hijack.

Twitter blocked the ability to tweet for all users immediately after the attack was known. It also reset passwords and blocked other functionalities as it tried to figure out what caused the hijack.

We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.

— Twitter Support (@TwitterSupport) July 15, 2020

A few minutes later, the Twitter team figured out that the hijack was limited to verified accounts only. The ability to tweet was restored for most accounts eventually.

Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We’re working to get things back to normal as quickly as possible.

— Twitter Support (@TwitterSupport) July 16, 2020

Twitter also said that the attack looked like “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.

— Twitter Support (@TwitterSupport) July 16, 2020

Twitter says that immediately after it figured out the pattern, it locked down the accounts of users who were affected and took down posts by the hijackers.

Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.

— Twitter Support (@TwitterSupport) July 16, 2020

Now, as of Twitter’s last update, the compromised accounts have been locked. Twitter says it will restore access to the original account owner only when it’s certain that they can use the account securely.

We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.

— Twitter Support (@TwitterSupport) July 16, 2020

Additionally, Twitter says it has also made some changes internally with limit access to internal systems and tools.

Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.

— Twitter Support (@TwitterSupport) July 16, 2020

While Twitter’s investigation is still ongoing, some experts believe that the hackers had access to the platform’s internal infrastructure “It is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application,” said Michael Borohovski, director of software engineering at security company Synopsys. “If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction,” he said.