Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Twitter explains how major celebrity attack was able to happen as investigations continue

Company confirms that its entire system, not specific users, was targeted

Andrew Griffin
Thursday 16 July 2020 09:19 BST
Comments
The Twitter logo is seen on a phone in this photo illustration in Washington, DC, on July 10, 2019
The Twitter logo is seen on a phone in this photo illustration in Washington, DC, on July 10, 2019

Twitter has explained how the major hack on its most famous users was able to happened – and confirmed the worst fears that it was not the account holders but the entire platform that was hit.

Overnight, many of the most-followed accounts on the service began to tweet about a bitcoin scam, in which users were encouraged to send cryptocurrency to a specific address with the false promise that they would receive twice as much in return. The posts came from accounts ranging from Barack Obama to Apple's official feed.

As the company scrambled to stop the false tweets, it was forced to take a range of measures including briefly stopping any verified account from tweeting at all. But it has now explained that initial investigations show that it was no one specific account that was the problem but an attack that targeted employees and gained access to internal systems.

That is a particular concern because it suggests that the attackers could have conducted other, potentially more damaging actions while they had access to those systems. Twitter has yet to rule out that possibility.

Senior staff at Twitter have already apologised for the lapse and committed to further investigation.

“Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened," Twitter CEO Jack Dorsey wrote.

“Our investigation into the security incident is still ongoing but we’ll be posting updates from @TwitterSupport with more detail soon. In the meantime I just wanted to say that I’m really sorry for the disruption and frustration this incident has caused our customers,” said Twitter Product chief Kayvon Beykpour.

That support account tweeted a long explanation of how the attack was able to happen – and the steps the company took to limit it.

"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," the company wrote.

"We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

"Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.

"We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.

Twitter said in the same thread that it had returned most functionality, but not all. It also warned that restrictions could be put back in place in the future as the investigation continues.

"We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.

"This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.

"We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.

It also said that new restrictions had already been added within Twitter to stop such wide-ranging access.

"Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in