We’ve been working around the clock and will continue to provide updates here.
Our investigation and cooperation with law enforcement continues, and we remain committed to sharing any updates here. More to come via @TwitterSupport as our investigation continues.
We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.
There is a lot of speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts.
Our investigation continues, but we wanted to share more specifics about what the attackers did with the accounts they accessed. Following a complete review of all targeted accounts, here is more detail on what we know today:
We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed.
We are communicating directly with any impacted account owners, and will share updates here when we have them. https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html …
We’re hearing confusion around how the 8 accounts we reported yesterday relate to the 36 we reported today. These numbers refer to different things.
8 is the number of accounts where an archive of "Your Twitter Data" was downloaded. This includes all of *your* account activity including DMs. None of the YTD downloads impacted Verified accounts. https://help.twitter.com/en/managing-your-account/accessing-your-twitter-data …
36 is the number of accounts where the attacker took control of the account and viewed the DM inbox on https://Twitter.com .
To recap:
130 total accounts targeted by attackers
45 accounts had Tweets sent by attackers
36 accounts had the DM inbox accessed
8 accounts had an archive of “Your Twitter Data” downloaded, none of these are Verified
We’re sharing an update based on what we know today. We’ll provide a more detailed report on what occurred at a later date given the ongoing law enforcement investigation and after we’ve completed work to further safeguard our service. https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html …
The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.
By obtaining employee credentials, they were able to target specific employees who had access to our account support tools. They then targeted 130 Twitter accounts - Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.
While these tools, controls, and processes are constantly being updated and improved, we are taking a hard look at how we can make them even more sophisticated.
We’ve significantly limited access to our internal tools and systems. Until we can safely resume normal operations, our response times to some support needs and reports will be slower. Thank you for your patience as we work through this.
We’re accelerating several of our pre-existing security workstreams and improvements to our tools. We are also improving our methods for detecting and preventing inappropriate access to our internal systems and prioritizing security work across many of our teams.
This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.
We’ll continue to share updates and precautionary steps we take so that others can learn from this, too. We recognize the trust you place in us, and are committing to earning it by continued open, honest and timely updates anytime an incident like this happens.
We previously turned off the download Your Twitter Data feature for all accounts as a precaution. We’ve turned it back on for everyone, so you can now download your Twitter archive from your account settings. https://cards.twitter.com/cards/an434/95w78 …
