We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
You may be unable to Tweet or reset your password while we review and address this incident.
We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.
Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We're working to get things back to normal as quickly as possible.
Our investigation is still ongoing but here’s what we know so far:
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.
We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.
This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.
Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.
Here’s an update addressing questions we’ve heard around passwords and account access specifically:
We have no evidence that attackers accessed passwords. Currently, we don’t believe resetting your password is necessary.
Out of an abundance of caution, and as part of our incident response yesterday to protect people’s security, we took the step to lock any accounts that had attempted to change the account’s password during the past 30 days.
As part of the additional security measures we’ve taken, you may not have been able to reset your password. Other than the accounts that are still locked, people should be able to reset their password now.
If your account was locked, this does not necessarily mean we have evidence that the account was compromised or accessed. So far, we believe only a small subset of these locked accounts were compromised, but are still investigating and will inform those who were affected.
We're working to help people regain access to their accounts ASAP if they were proactively locked. This may take additional time since we’re taking extra steps to confirm that we’re granting access to the rightful owner.
We’ve been working around the clock and will continue to provide updates here.
We want to share some more specific updates coming out of the second day of our investigations.
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
We’re working with impacted account owners and will continue to do so over the next several days. We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred.
For all accounts, downloading Your Twitter Data is still disabled while we continue this investigation.
We have also been taking aggressive steps to secure our systems while our investigations are ongoing. We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can.
Thank you for your continued patience and understanding while we investigate this incident. We’ll continue to provide updates when we have them.
We’re sharing a blog post that collects the latest on our investigation. It reiterates what we’ve already shared here, and includes a few new findings. blog.twitter.com/en_us/topics/c…
As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send Tweets.
We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true.
Our investigation and cooperation with law enforcement continues, and we remain committed to sharing any updates here. More to come via @TwitterSupport as our investigation continues.
We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.
There is a lot of speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts; however, to address some of the speculation: none of the eight were Verified accounts.
Our investigation continues, but we wanted to share more specifics about what the attackers did with the accounts they accessed. Following a complete review of all targeted accounts, here is more detail on what we know today:
We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed.
We are communicating directly with any impacted account owners, and will share updates here when we have them. blog.twitter.com/en_us/topics/c…
We’re hearing confusion around how the 8 accounts we reported yesterday relate to the 36 we reported today. These numbers refer to different things.
8 is the number of accounts where an archive of "Your Twitter Data" was downloaded. This includes all of *your* account activity including DMs. None of the YTD downloads impacted Verified accounts. help.twitter.com/en/managing-yo…
36 is the number of accounts where the attacker took control of the account and viewed the DM inbox on Twitter.com.
To recap:
🔹130 total accounts targeted by attackers
🔹45 accounts had Tweets sent by attackers
🔹36 accounts had the DM inbox accessed
🔹8 accounts had an archive of “Your Twitter Data” downloaded, none of these are Verified