Last updated on July 30, 2020, at 5:45 PM PT with new sections below on “What we know now” and “What we’re doing to protect our service”.

As our investigation continues, we’re sharing an update to answer some of the remaining questions based on what we’ve discovered to date. We will provide a more detailed technical report on what occurred at a later date given the ongoing law enforcement investigation and after we’ve completed work to further safeguard our service.

What we know now

The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7.

There has been concern following this incident around our tools and levels of employee access. To run our business, we have teams around the world that help with account support. Our teams use proprietary tools to help with a variety of support issues as well as to review content in line with The Twitter Rules and respond to reports. Access to these tools is strictly limited and is only granted for valid business reasons. We have zero tolerance for misuse of credentials or tools, actively monitor for misuse, regularly audit permissions, and take immediate action if anyone accesses account information without a valid business reason. While these tools, controls, and processes are constantly being updated and improved, we are taking a hard look at how we can make them even more sophisticated.

This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems. This was a striking reminder of how important each person on our team is in protecting our service. We take that responsibility seriously and everyone at Twitter is committed to keeping your information safe.

What we’re doing to protect our service

We’ve communicated directly with the impacted account owners and worked to restore access to any accounts who may have been temporarily locked out during our remediation efforts. Our investigation is ongoing, and we are working with the appropriate authorities to ensure that the people responsible for this attack are identified. Since the attack, we’ve significantly limited access to our internal tools and systems to ensure ongoing account security while we complete our investigation. As a result, some features (namely, accessing the Your Twitter Data download feature) and processes have been impacted.
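The controls the update describes for the internal support tools (access only for a valid business reason, role-limited permissions, monitoring for misuse) can be checked mechanically against the tools' audit trail. The following is an added illustration, not Twitter's code or log format; the line layout, role names, actions and threshold are all constructed assumptions, chosen so that the three actions the attackers performed (posting, reading DMs, exporting account data) are the privileged ones.

```python
import re
from collections import defaultdict

# Constructed audit-log format (an assumption, not a real support-tool schema):
# <ts> operator=<id> role=<role> action=<action> account=<handle> case=<ticket|->
LOG_LINE = re.compile(
    r"(?P<ts>\S+) operator=(?P<op>\S+) role=(?P<role>\S+) "
    r"action=(?P<action>\S+) account=(?P<acct>\S+) case=(?P<case>\S+)"
)

# Assumed role model: only a narrow role may post, read DMs or export data.
ROLE_ALLOWED = {
    "tier1": {"view_account"},
    "tier2": {"view_account", "reset_access"},
    "trust_safety": {"view_account", "read_dm", "export_data", "post_tweet"},
}
MAX_ACCOUNTS_PER_OPERATOR = 10  # constructed threshold for one review window

def review_tool_access(lines):
    """Return (operator, reason) alerts for support-tool audit lines."""
    alerts = []
    accounts_touched = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            alerts.append(("?", f"unparseable audit line: {line!r}"))
            continue
        op, role, action, acct, case = (
            m.group(k) for k in ("op", "role", "action", "acct", "case"))
        # 1. Every access must cite a valid business reason (a case id).
        if case == "-":
            alerts.append((op, f"{action} on {acct} with no case reference"))
        # 2. The operator's role must actually permit the action.
        if action not in ROLE_ALLOWED.get(role, set()):
            alerts.append((op, f"role {role} not permitted to {action} ({acct})"))
        accounts_touched[op].add(acct)
    # 3. One operator reaching many distinct accounts is a volume anomaly.
    for op, accts in accounts_touched.items():
        if len(accts) > MAX_ACCOUNTS_PER_OPERATOR:
            alerts.append((op, f"touched {len(accts)} distinct accounts"))
    return alerts

SAMPLE_LOG = [  # constructed sample lines: e101 is normal, e207 is not
    "2020-07-15T20:01Z operator=e101 role=tier1 action=view_account account=@alice case=C-4471",
    "2020-07-15T20:03Z operator=e207 role=tier1 action=read_dm account=@bob case=-",
    "2020-07-15T20:04Z operator=e207 role=tier1 action=export_data account=@carol case=-",
] + [f"2020-07-15T20:{10 + i:02d}Z operator=e207 role=tier1 action=view_account "
     f"account=@u{i} case=-" for i in range(11)]
```

Run as `review_tool_access(SAMPLE_LOG)`: the normal operator produces nothing, while the second operator trips all three checks.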