Twitter says passwords were spared in yesterday’s attack, but it’s still working to restore locked accounts

Twitter says it has “no evidence” user passwords were accessed as part of yesterday’s massive attack targeting the company’s internal tools, but it is still working to restore access to locked accounts. The updates were shared as part of a series of tweets posted Thursday afternoon.

Yesterday, attackers hijacked the accounts of some of the most-followed people on Twitter, including President Barack Obama, Vice President Joe Biden, Elon Musk, Bill Gates, and Kanye West, to post bitcoin scams. The company made the decision to lock many accounts last night as a precaution to reduce further damage from the attacks, and it provided more detail about why accounts were locked in this afternoon’s tweets.

“Out of an abundance of caution, and as part of our incident response yesterday to protect people’s security, we took the step to lock any accounts that had attempted to change the account’s password during the past 30 days,” Twitter said. The company added that if an account was locked, that didn’t “necessarily mean” that the account was compromised, and it believes only a “small subset” of locked accounts actually were.

Twitter says it’s working “ASAP” to restore access, but the process may still take some time.

Although Twitter says it doesn’t believe passwords were accessed, it remains unclear if the attackers were able to access direct messages.

In addition to locking some accounts, Twitter also completely disabled the ability of all verified accounts to tweet last night for a few hours following the hack, though verified accounts could still retweet existing tweets while the limits were in place.

Last night, Twitter shared that its own internal tools were compromised in the attack. “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said in a tweet sent yesterday at 10:38PM ET. Two anonymous sources told Motherboard that a Twitter employee helped them take over accounts, with one saying they paid the employee for their help.

Originally posted: Source link


Leave a Reply

Subscribe to our newsletter

Join our monthly newsletter and never miss out on new stories and promotions.
Techhnews will use the information you provide on this form to be in touch with you and to provide updates and marketing.

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at newsletter@techhnews.com. We will treat your information with respect.

%d bloggers like this: