Twitter has issued its first full official statement following this week’s hack, which affected a lot of its users including some high-profile accounts. In its first full blog post since the incident occurred, the microblogging platform said the attackers may indeed have downloaded the direct messages of up to eight users while carrying out their act. The hackers also had access to the phone numbers and email addresses of every account they targeted.
According to Twitter, the hackers were able to gain access to their targets through a social engineering scheme. Social engineering, in this case, means that some Twitter staff were intentionally manipulated into performing “certain actions and divulging confidential information.”
“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections,” Twitter said via its official blog. Now, that is scary, especially when you consider the lengths the hackers went to in order to gain access to the accounts of their targets.
Following the manipulation, the hackers, according to Twitter, were able to access tools restricted to its internal support teams. This gave them access to 130 Twitter accounts, which allowed them to initiate a password reset, log in to the account, and send tweets. While this may sound worrying, it gets even worse: Twitter said it is still conducting its forensic review of all of the accounts to confirm all actions that may have been taken by the hackers.
More disturbing facts
More disturbing details of what took place behind the scenes were revealed in the blog post, as the microblogging platform said the hackers now have access to the account information of eight unverified users. The hackers were able to do this through “Your Twitter Data,” a tool designed to provide you with a summary of your Twitter account details and activity.
What is next?
Twitter said it has already started taking some actions not only to inform affected users, but also to help them secure their accounts. In a nutshell, the actions taken include:
- Preventing tweeting or changing of passwords.
- As a precautionary step, all accounts where passwords were recently changed have been locked.
- Working with law enforcement to determine longer-term actions that should be taken to improve its security systems.
- Restoring access for all locked-out account owners who may still not be able to access their accounts as a result of the hack.
Perhaps the most important step Twitter needs to take is to restore trust and confidence in the process, and that may involve a lot of hard work on the part of Twitter.
“We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice. We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.”