Twitter is facing new calls to beef up its security practices, following a widely publicized hack that resulted in account hijackings.
Details about how the hackers gained access to the accounts -- including those of Elon Musk, Jeff Bezos and President Barack Obama -- are still emerging. But at least one potential avenue of attack -- direct messages -- would be more secure if Twitter protected them with end-to-end encryption, according to the digital rights group Electronic Frontier Foundation.
“End-to-end encryption provides the robust internal safeguard that Twitter needs,” the group writes in a post urging Twitter to implement the security protocol.
Earlier this week, Twitter fell victim to what it describes as “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
Twitter says it believes that around 130 accounts were targeted, and that hackers were able to gain control of “a small subset” of those accounts. The hackers, who asked people to send bitcoin to an anonymous address, reportedly received more than 400 payments, totaling around $121,000.
Direct messages “are vulnerable to this week’s kind of internal compromise,” the Electronic Frontier Foundation says. “That’s because they are not end-to-end encrypted, so Twitter itself has access to them.”
The group adds that Twitter “wouldn’t have to worry about whether or not this week’s attackers read or exfiltrated DMs if it had end-to-end encrypted them.”
Sen. Ron Wyden (D-Oregon) also urged Twitter to encrypt direct messages.
“While it’s still not clear if the hackers gained access to Twitter DMs, this is a vulnerability that has lasted for far too long,” Wyden tweeted this week. “If hackers gained access to users' DMs, this breach could have a breathtaking impact for years to come.”
Separately, New York Attorney General Letitia James launched an investigation into the hack, which she stated “raises serious concerns about data security and how platforms like Twitter could be used to harm public debate.”