Twitter stepped up search to fill top security job ahead of hack

Published 2020-07-16, 01:33 p.m.
© Reuters. The Twitter logo and binary cyber codes are seen in this illustration

By Joseph Menn, Katie Paul and Mark Hosenball

(Reuters) - Twitter Inc (N:TWTR) had stepped up its search for a chief information security officer in recent weeks, two people familiar with the effort told Reuters, before the breach of high-profile accounts on Wednesday raised alarms about the platform's security.

The FBI's San Francisco division is leading an inquiry into the Twitter hacking, it said in a statement, as more Washington lawmakers called for an accounting of how it happened.

The law enforcement agency said hackers committed cryptocurrency fraud after they seized control of the Twitter accounts of celebrities and political figures including Joe Biden, Kim Kardashian, Barack Obama and Elon Musk.

A day after the breach, it was not clear if the hackers were able to see private messages sent by account holders, although Twitter said it had no evidence that attackers had been able to access passwords.

The company said in a statement that it was continuing to lock accounts that had changed passwords in the past month, but said "we believe only a small subset of these locked accounts were compromised." Twitter declined to comment on the job search.

In a sign of how much the attack unnerved U.S. lawmakers, both Democrats and Republicans showed rare bipartisan agreement that Twitter must better explain how the security lapse happened and what it was doing to prevent future attacks.

"This hack bodes ill for November balloting," U.S. Senator Richard Blumenthal, a Democrat, said in a statement scolding Twitter for "its repeated security lapses and failure to safeguard accounts."

Echoing a similar sentiment, Representative Jim Jordan, the top Republican on the House Judiciary Committee, asked what would happen if Twitter allowed a similar incident to occur on Nov. 2, a day before the U.S. presidential election.

Jordan said he remained locked out of his Twitter account as of Thursday afternoon.

President Donald Trump, a prolific Twitter user, was planning to continue tweeting and his account was not jeopardized during the attack, spokeswoman Kayleigh McEnany said.

The White House had been in "constant contact with Twitter over the last 18 hours" to keep Trump's Twitter feed secure, she said.

Twitter said hackers had targeted employees with access to its internal systems and "used this access to take control of many highly-visible (including verified) accounts."

Other high-profile accounts that were hacked included rapper Kanye West, Amazon.com Inc (O:AMZN) founder Jeff Bezos, investor Warren Buffett, Microsoft Corp (O:MSFT) co-founder Bill Gates, and the corporate accounts for Uber Technologies Inc (N:UBER) and Apple Inc (O:AAPL).

The company, which has been without a security chief since December, said the hackers conducted a "coordinated social engineering attack" against its employees.

Several security experts researching the case said that they believed the hackers were primarily interested in prestige Twitter accounts with one- or two-digit handles, such as @6.

Such accounts were among the first ones hacked Wednesday, even before the bitcoin requests, and control of handles was advertised in one forum for enthusiasts of accounts active since Twitter's early days.

Access to the employee tool could have spread beyond that group.

In an extraordinary step, Twitter temporarily prevented many verified accounts from publishing messages as it investigated the breach.

The second and third rounds of hijacked accounts tweeted out messages telling users to send bitcoin to a given address in order to get more back. Publicly available blockchain records show the apparent scammers received more than $100,000 worth of cryptocurrency.

As of Thursday, Twitter was continuing to block tweets containing the bitcoin addresses the scammers had used. Facebook Inc (O:FB) appeared to have enabled a similar security feature on its Messenger service temporarily on Wednesday, but did not respond to queries on whether it had also been targeted in the attack.

Twitter's shares fell a little more than 1% on Thursday.

CEO Jack Dorsey said on Wednesday that it was a "tough day" for everyone at Twitter and pledged to share "everything we can when we have a more complete understanding of exactly what happened".

Dorsey's assurances did not assuage Washington's concerns about social media companies, whose policies have come under scrutiny by critics on both the left and the right.

Frank Pallone, a Democrat who chairs the House Energy and Commerce Committee that oversees a sizeable portion of U.S. tech policy, said the company needed to explain how the hack took place.

The U.S. House Intelligence Committee was in touch with Twitter regarding the hack, according to a committee official who did not wish to be named.
