What you need to know
- Twitter has published an update on a major security breach earlier this week.
- It says 130 accounts were targeted, and 45 were compromised.
- Eight non-verified accounts had all of their data, including DMs, downloaded.
Twitter has confirmed that 130 accounts were targeted and 45 were compromised in a security breach earlier this week.
As we've been informing via the @TwitterSupport account, on Wednesday, July 15, 2020, we detected a security incident at Twitter and took immediate action. As we head into the weekend, we want to provide an overview of where we are.
Twitter says that attackers targeted "certain Twitter employees through a social engineering scheme", which it defines in this context as "the intentional manipulation of people into performing certain actions and divulging confidential information." A recent Motherboard report claims hackers simply paid off a Twitter insider to do their work for them.
Twitter says "a small number of employees" were successfully manipulated, and their credentials were used to gain access to internal systems, bypassing 2FA protections.
It says 130 accounts were targeted. 45 of those had their passwords reset, and the attackers were able to log in to those accounts and send rogue tweets. Tweets sent from accounts like Apple, Barack Obama, Bill Gates, and more asked users to send Bitcoin to an address with the promise it would be doubled. Twitter also believes the attackers may have attempted to sell the usernames of compromised accounts.
More disturbingly, Twitter says the information of eight accounts was downloaded through 'Your Twitter Data':
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account's information through our "Your Twitter Data" tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity. We are reaching out directly to any account owner where we know this to be true. None of the eight were verified accounts.
This includes account history, apps and devices, activity, interests and ad data, contacts, Tweet history, apps with access to your Twitter, muted and blocked accounts, profile info, Direct Messages, media, and more.
Twitter says it is continuing to investigate the attack alongside law enforcement. Twitter reiterates that the vast majority of Twitter users were not affected by the incident. Of the 130 that were, attackers were not able to view previous passwords but were able to see personal information including email addresses and phone numbers. Of the 45 accounts taken over, the damage is unclear but certainly worse.
Twitter says it is also working to restore access to account owners still locked out since the breach, mainly users who have reset their passwords in the last 30 days.
Twitter said it was "acutely aware of our responsibilities to the people" who use its service, adding that it was "embarrassed", "disappointed", and "more than anything, we're sorry."