Twitter has shed some light on the unprecedented attack that resulted in numerous takeovers of high-profile accounts. In a series of tweets posted this evening under its support channel, Twitter said that its internal systems were compromised by the hackers.
The first tweet in a multi-tweet explainer thread reads:’we know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf’.
Twitter has acknowledged that numerous people appear to have been involved in the hacks, not just one individual. Also that numerous employees were compromised, too.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
Online hacking circles have been sharing screenshots of an internal company admin tool allegedly used to conduct the account takeovers. Twitter does not elaborate on what tools the attackers accessed or how exactly the attack was carried out.
Motherboard now says it’s talked to hackers who say they paid a Twitter employee to change the email addresses of popular accounts using the internal tool.
Two hackers were able to independently confirm they were in control of hijacked accounts today. One of them said they paid the Twitter employee to help them take over accounts.
Twitter is reportedly suspending accounts that share the screenshots and manually removing them for violating its rules. Motherboard also shared some of the screenshots of the internal tool allegedly at the center of the hacks.
The takeovers of a number of highly sensitive Twitter accounts suggest the attackers did not simply exploit individual account owners and had at the very least indirect access to employee tools Twitter wo n’t say for now.
This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions.
The company says it’s currently investigating’what other malicious activity they may have conducted’. It’s possible that attackers may have had access to private direct messages, for instance.
Twitter will now face serious questions about its internal security precautions. Political and business accounts may have had sensitive information. It’s quite possible Twitter will face government inquiries and investigations.
Twitter immediately shut down the affected accounts and removed tweets posted by the attackers. It also took the unprecedented step of disabling the ability for verified accounts to send new tweets.