Twitter | Search | |
Twitter Support Jul 15
Replying to @TwitterSupport
Our investigation is still ongoing but here’s what we know so far:
Reply Retweet Like
Twitter Support Jul 15
Replying to @TwitterSupport
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
Reply Retweet Like
Twitter Support Jul 15
Replying to @TwitterSupport
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
Reply Retweet Like
Twitter Support Jul 15
Replying to @TwitterSupport
Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.
Reply Retweet Like
Twitter Support Jul 15
Replying to @TwitterSupport
We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.
Reply Retweet Like
Twitter Support Jul 15
Replying to @TwitterSupport
This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.
Reply Retweet Like
Twitter Support Jul 15
Replying to @TwitterSupport
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.
Reply Retweet Like
Twitter Support Jul 15
Replying to @TwitterSupport
Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.
Reply Retweet Like
Twitter Support Jul 16
Replying to @TwitterSupport
Here’s an update addressing questions we’ve heard around passwords and account access specifically:
Reply Retweet Like
Twitter Support Jul 16
Replying to @TwitterSupport
We have no evidence that attackers accessed passwords. Currently, we don’t believe resetting your password is necessary.
Reply Retweet Like
Twitter Support
Out of an abundance of caution, and as part of our incident response yesterday to protect people’s security, we took the step to lock any accounts that had attempted to change the account’s password during the past 30 days.
Reply Retweet Like More