Twitter said Wednesday that a "coordinated social engineering attack" was behind a hack that compromised high-profile accounts. The attack "successfully targeted some of our employees," the company said, giving hackers access to "internal systems and tools." The company appeared to discount allegations that the attack was knowingly enabled by one of its employees, as one outlet had claimed. A Twitter spokesperson told Business Insider that the company's "investigation continues and we hope to have more to share there soon."
Twitter announced Wednesday that hackers had targeted its employees, enabling them to access "internal systems and tools" that led to the compromise of some of the most popular accounts on the social network. The company said a "coordinated social engineering attack" had "successfully targeted some of our employees."

This appears to contradict a report from Motherboard that alleges that the hack was knowingly enabled by one of its workers. The outlet's claim was based on an interview with a purported hacker, and it has not been confirmed. Asked about the Motherboard story, a Twitter spokesperson told Business Insider that the company's "investigation continues, and we hope to have more to share there soon."

The attack began Wednesday with several high-profile accounts, from Joe Biden to Kim Kardashian, posting links to a Bitcoin account. Users were asked to send the account money — and promised they would receive twice as much back. The perpetrators claim they made more than $118,000.

The hack revealed that Twitter employees enjoy a good deal of control over users' accounts — raising questions about security beyond what a user can access. The internal tools that were exploited allow employees to both suspend accounts and reset the email addresses associated with them. "Internally," the company said Wednesday, "we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing."

In 2017, a contractor working with Twitter's Trust and Safety division was able to shut down President Donald Trump's account for 11 minutes after it was reported. And in 2019, two former Twitter employees were charged by the Department of Justice with spying for Saudi Arabia by mining personal information from accounts.
Alex Stamos, director of the Stanford Internet Observatory, gave The New York Times several theories for how the hackers could have accessed the account and said that it appeared to have come internally from Twitter's system, as opposed to users' individual accounts being compromised through a password. "It could have been much worse," Stamos said. "We got lucky that this is what they decided to do with their power."
More like this (3)
On Tuesday, federal agents served a Massachusetts teenager with a search warrant. He appears to have played a significant role in the July 15 Twitter attack, investigators and fellow hackers said.
Twitter could be facing an FTC fine of up to $250 million over allegations that it violated an agreement over user data privacy (TWTR)
Twitter is under investigation by the FTC and could face a fine of anywhere between $150 million and $250 million, the company disclosed in a regulatory filing Monday. Twitter said the FTC notified it of allegations that it improperly targeted ads at users based on information they had provided for "safety and security purposes," in violation of a 2011 agreement. Twitter admitted last year that it had "inadvertently" targeted users with ads based on information they had provided to better secure their accounts. The company's privacy and security practices have come under renewed scrutiny following a major hack last month that resulted in dozens of high-profile accounts being compromised.

Twitter disclosed in a regulatory filing Monday that it is under investigation by the Federal Trade Commission related to allegations that it violated a 2011 consent agreement — and that it's expecting a "probable loss" of somewhere between $150 million and $250 million.

"Following the announcement of our Q2 financial results, we received a draft complaint from the FTC alleging violations of our 2011 consent order. Following standard accounting rules we included an estimated range for settlement in our 10Q filed on August 3," a Twitter spokesperson told Business Insider. A spokesperson for the FTC declined to comment.

The FTC's complaint specifically centers on Twitter's alleged use of "phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019," according to the filing. Twitter said in the filing that it had set aside $150 million to cover a potential fine from the FTC, noting that "the matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome."

Last October, Twitter admitted that it had used phone numbers and emails — which users had uploaded with the intention of securing their accounts with two-factor authentication — in order to target them with ads. Twitter said the data had been used "inadvertently" and that it didn't know how many people had been affected.

In the complaint, the FTC alleges that the incident put Twitter in violation of an agreement it reached with the agency in 2011, which was part of a settlement of charges that the company "deceived consumers and put their privacy at risk by failing to safeguard their personal information." As part of that settlement, the FTC barred Twitter "from misleading consumers about the extent to which it protects the security, privacy, and confidentiality" of their private information, and it also required Twitter to implement a "comprehensive information security program" subject to independent audit every other year.

Twitter is facing renewed scrutiny surrounding its security measures following a major hack last month where employees were tricked into giving hackers access to internal tools that allowed them to hijack dozens of high-profile accounts including those of Barack Obama, Joe Biden, Elon Musk, Kanye West, Apple, and Uber. The hackers then used the accounts to orchestrate a cryptocurrency scam that netted them at least $120,000. Three individuals have been arrested in connection with the incident.
Three men charged in hack that saw accounts of Barack Obama, Joe Biden and Elon Musk compromised in bitcoin scam

Authorities have charged three men in a major Twitter breach this month that hacked the accounts of prominent politicians, celebrities and technology moguls to scam people around the globe out of more than $100,000 in bitcoin.

The suspects include a 19-year-old British man from Bognor Regis, a 22-year-old man from Orlando, Florida, and a teenager from Tampa, Florida.