Twitter stepped up search to fill top security job ahead of hack
[July 17, 2020]
By Joseph Menn, Katie Paul and Mark Hosenball
(Reuters) - Twitter Inc <TWTR.N> had
stepped up its search for a chief information security officer in recent
weeks, two people familiar with the effort told Reuters, before the
breach of high-profile accounts on Wednesday raised alarms about the
platform's security.
The FBI's San Francisco division is leading an inquiry into the Twitter
hacking, it said in a statement, as more Washington lawmakers called for
an accounting of how it happened.
The law enforcement agency said hackers committed cryptocurrency fraud
after they seized control of the Twitter accounts of celebrities and
political figures including Joe Biden, Kim Kardashian, Barack Obama and
Elon Musk.
A day after the breach, it was not clear if the hackers were able to see
private messages sent by account holders, although Twitter said it had
no evidence that attackers had been able to access passwords.
The company said in a statement that it was continuing to lock accounts
that had changed passwords in the past month, but said "we believe only
a small subset of these locked accounts were compromised." Twitter
declined to comment on the job search.
In a sign of how much the attack unnerved U.S. lawmakers, both Democrats
and Republicans showed rare bipartisan agreement that Twitter must
better explain how the security lapse happened and what it was doing to
prevent future attacks.
"This hack bodes ill for November balloting," U.S. Senator Richard
Blumenthal, a Democrat, said in a statement scolding Twitter for "its
repeated security lapses and failure to safeguard accounts."
Echoing a similar sentiment, Representative Jim Jordan, the top
Republican on the House Judiciary Committee, asked what would happen if
Twitter allowed a similar incident to occur on Nov. 2, a day before the
U.S. presidential election.
Jordan said he remained locked out of his Twitter account as of Thursday
afternoon.
President Donald Trump, a prolific Twitter user, was planning to
continue tweeting and his account was not jeopardized during the attack,
spokeswoman Kayleigh McEnany said.
The White House had been in "constant contact with Twitter over the last
18 hours" to keep Trump's Twitter feed secure, she said.
Twitter said hackers had targeted employees with access to its internal
systems and "used this access to take control of many highly-visible
(including verified) accounts."
Other high-profile accounts that were hacked included rapper Kanye West,
Amazon.com Inc <AMZN.O> founder Jeff Bezos, investor Warren Buffett,
Microsoft Corp <MSFT.O> co-founder Bill Gates, and the corporate
accounts for Uber Technologies Inc <UBER.N> and Apple Inc <AAPL.O>.
The company, which has been without a security chief since December,
said the hackers conducted a "coordinated social engineering attack"
against its employees.
The extraordinary hacking spree that hit Twitter on Wednesday,
leading it to briefly muzzle some of its most widely followed
accounts, is drawing questions about the platform's security and
resilience in the run-up to the U.S. presidential election. This
report produced by Yahaira Jacquez.
Several security experts researching the case said that they
believed the hackers were primarily interested in prestige Twitter
accounts with one- or two-digit handles, such as @6.
Such accounts were among the first ones hacked Wednesday, even
before the bitcoin requests, and control of handles was advertised
in one forum for enthusiasts of accounts active since Twitter's
early days.
Access to the employee tool could have spread beyond that group.
In an extraordinary step, Twitter temporarily prevented many
verified accounts from publishing messages as it investigated the
breach.
The second and third rounds of hijacked accounts tweeted out
messages telling users to send bitcoin to a given address in order
to get more back. Publicly available blockchain records show the
apparent scammers received more than $100,000 worth of
cryptocurrency.
As of Thursday, Twitter was continuing to block tweets containing
the bitcoin addresses the scammers had used. Facebook Inc <FB.O>
appeared to have enabled a similar security feature on its Messenger
service temporarily on Wednesday, but did not respond to queries on
whether it had also been targeted in the attack.
Twitter's shares fell a little more than 1% on Thursday.
CEO Jack Dorsey said on Wednesday that it was a "tough day" for
everyone at Twitter and pledged to share "everything we can when we
have a more complete understanding of exactly what happened".
Dorsey's assurances did not assuage Washington's concerns about
social media companies, whose policies have come under scrutiny by
critics on both the left and the right.
Frank Pallone, a Democrat who chairs the House Energy and Commerce
Committee that oversees a sizeable portion of U.S. tech policy, said
the company needed to explain how the hack took place.
The U.S. House Intelligence Committee was in touch with Twitter
regarding the hack, according to a committee official who did not
wish to be named.
(Reporting by Joseph Menn, Katie Paul and Mark Hosenball; Additional
reporting by Ayanti Bera, Aakash Jagadeesh Babu and Subrat Patnaik
in Bengaluru; Elizabeth Culliford and Paresh Dave in San Francisco;
and Raphael Satter, Nandita Bose, David Shepardson, Diane Bartz and
Jeff Mason in Washington; Editing by Lisa Shumaker and Christopher
Cushing)
[© 2020 Thomson Reuters. All rights
reserved.] Copyright 2020 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thomson Reuters is solely responsible for this content.