What you need to know
- Twitter has published an update on a major security breach earlier this week.
- It says 130 accounts were targeted, and 45 were compromised.
- Eight non-verified accounts had all of their data, including DMs downloaded.
Twitter has confirmed that 130 accounts were targeted and 45 were compromised in a security breach earlier this week.
As we've been informing via the @TwitterSupport account, on Wednesday, July 15, 2020, we detected a security incident at Twitter and took immediate action. As we head into the weekend, we want to provide an overview of where we are.
Twitter says that attackers targeted "certain Twitter employees through a social engineering scheme", in the context, "the intentional manipulation of people into performing certain actions and divulging confidential information." A recent Motherboard report claims hackers simply paid off a Twitter insider to do their work for them.
Twitter says "a small number of employees" were successfully manipulated, and their credentials used to gain access to internal systems, bypassing 2FA protections.
It says 130 accounts were targeted. 45 of those had their passwords reset, and the attackers were able to login to those accounts and send rogue tweets. Tweets sent from accounts like Apple, Barack Obama, Bill Gates, and more asked users to send Bitcoin to an address with the promise it would be doubled. Twitter also believes the attackers may have attempted to sell the usernames of compromised accounts.
More disturbingly, Twitter says the information of eight accounts was downloaded through 'Your Twitter Data':
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account's information through our "Your Twitter Data" tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.
This includes account history, apps and devices, activity, interests and ad data, contacts, Tweet history, apps with access to your Twitter, muted and blocked accounts, profile info, Direct Messages, media, and more.
Twitter says it is continuing to investigate the attack alongside law enforcement. Twitter reiterates that the vast majority of Twitter users were not affected by the incident. Of the 130 that were, attackers were not able to view previous passwords but were able to see personal information including email addresses and phone numbers. Of the 45 accounts taken over, the damage is unclear but certainly worse.
Twitter says it is also working to restore access to account owners still locked out since the breach, mainly users who have reset their passwords in the last 30 days.
Twitter said it was "acutely aware of our responsibilities to the people" who use its service, adding that it was "embarrassed", "disappointed", and "more than anything, we're sorry."
Update 4: Trump gives blessing to TikTok sale to Microsoft
TikTok may soon be owned by Microsoft. The company is reportedly in talks to buy out the U.S. portion of TikTok amid a rumored Trump administration order for TikTok owner Bytedance to divest. On Monday, President Trump says he does not oppose the sale so long as it is done by September 15.
Bing might be in for a very Microsoft-y rebrand
You may want to prepare to say goodbye to Bing's iconic "B" logo. It appears Microsoft is at least mulling a move to rebrand the search engine to "Microsoft Bing" with a new logo in tow.
Even if you don't love Wonder Woman, this Edge extension is glorious
Need to add a little more spice to your new tab pages in Microsoft Edge? How about a little Wonder Woman 1984 art? Surely you can't say no to that.
Complete list of Xbox One Dolby Atmos games
Dolby Atmos creates a realistic, immersive soundscape, but is not featured in every game. These are all Xbox One games with baked-in Dolby Atmos support so far.