Our investigation is still ongoing but here’s what we know so far:
As part of the additional security measures we’ve taken, you may not have been able to reset your password. Other than the accounts that are still locked, people should be able to reset their password now.
If your account was locked, this does not necessarily mean we have evidence that the account was compromised or accessed. So far, we believe only a small subset of these locked accounts were compromised, but are still investigating and will inform those who were affected.
We're working to help people regain access to their accounts ASAP if they were proactively locked. This may take additional time since we’re taking extra steps to confirm that we’re granting access to the rightful owner.
We’ve been working around the clock and will continue to provide updates here.
We want to share some more specific updates coming out of the second day of our investigations.
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
We’re working with impacted account owners and will continue to do so over the next several days. We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred.
For all accounts, downloading Your Twitter Data is still disabled while we continue this investigation.
We have also been taking aggressive steps to secure our systems while our investigations are ongoing. We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can.
Thank you for your continued patience and understanding while we investigate this incident. We’ll continue to provide updates when we have them.
We’re sharing a blog post that collects the latest on our investigation. It reiterates what we’ve already shared here, and includes a few new findings. https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html
As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send Tweets.
We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true.
Our investigation and cooperation with law enforcement continues, and we remain committed to sharing any updates here. More to come via @TwitterSupport as our investigation continues.
We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.
There is a lot of speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts.
Our investigation continues, but we wanted to share more specifics about what the attackers did with the accounts they accessed. Following a complete review of all targeted accounts, here is more detail on what we know today:
We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed.
We are communicating directly with any impacted account owners, and will share updates here when we have them. https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html
We’re hearing confusion around how the 8 accounts we reported yesterday relate to the 36 we reported today. These numbers refer to different things.
8 is the number of accounts where an archive of "Your Twitter Data" was downloaded. This includes all of *your* account activity including DMs. None of the YTD downloads impacted Verified accounts. https://help.twitter.com/en/managing-your-account/accessing-your-twitter-data
36 is the number of accounts where the attacker took control of the account and viewed the DM inbox on https://Twitter.com.
To recap:
130 total accounts targeted by attackers
45 accounts had Tweets sent by attackers
36 accounts had the DM inbox accessed
8 accounts had an archive of “Your Twitter Data” downloaded, none of these are Verified
We’re sharing an update based on what we know today. We’ll provide a more detailed report on what occurred at a later date given the ongoing law enforcement investigation and after we’ve completed work to further safeguard our service. https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.
By obtaining employee credentials, they were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts - Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
While these tools, controls, and processes are constantly being updated and improved, we are taking a hard look at how we can make them even more sophisticated.
We’ve significantly limited access to our internal tools and systems. Until we can safely resume normal operations, our response times to some support needs and reports will be slower. Thank you for your patience as we work through this.
We’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.
