With its reputation on the line, Twitter is struggling to explain a major security breach that briefly gave hackers control over the accounts of Joe Biden, Elon Musk, Bill Gates and other high-profile figures.
“Tough day for us at Twitter,” cofounder-CEO Jack Dorsey tweeted on Wednesday night. “We all feel terrible this happened.”
Officially, the company said it detected what it believes was a “coordinated social engineering attack” by people who successfully targeted some of its employees with access to internal systems and tools.
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” the company tweeted on Wednesday.
“Cybercriminals were able to access the high-profile accounts by tricking [Twitter] employees,” said Logan Kipp, director at Web cybersecurity firm SiteLock. “Employees are often the first line of defense, and if they don’t know how to spot common attack methods like spear phishing, smishing and whaling, cybercriminals will be quick to take advantage.”
“Right now, it’s just a matter of finding all the evidence and investigating, making sure that we can provide a clear case of exactly what happened and the tick-tock of what went down,” Dorsey said in an interview with Fast Company editor-in-chief Stephanie Mehta during a Procter & Gamble conference on Thursday.
The hackers used the accounts of Twitter’s more prominent users to promote a cryptocurrency scam across the platform.
Other notable accounts impacted by the breach included Barack Obama, Kanye West, Kim Kardashian, Warren Buffett, Michael Bloomberg and Apple’s corporate account.
With the breach, Twitter risks losing the confidence of its community, according to Kipp. “With any compromise, the targeted business jeopardizes losing user trust,” he said.
“We’re going to be really transparent — own anything that we made mistakes around and what we find,” Dorsey stressed to P&G event attendees.
More than a trust issue, the attack has national security implications, considering that President Trump and other government leaders now regularly use Twitter to communicate with the world.
Tech companies are facing close scrutiny over their ability to protect their platforms from bad actors.
Recently, security concerns threatened to derail Zoom’s rapid growth.