The Twitter barn door has been completely closed, and closed aggressively – it just so happens to have closed on a hell of a lot of people in the process.
Twitter confirmed Thursday that, amid an ongoing internal systems fiasco that spiraled out of control on Wednesday, it took the unprecedented step of locking out all users who changed their passwords in the past 30 days — or even tried to change them. And, unfortunately for that untold number of users, it’s unclear exactly when they’ll be able to access their accounts again.
“Out of an abundance of caution, and as part of our response to the incident yesterday to protect people’s safety, we have taken the initiative to lock any account that has attempted to change the account’s password during the past 30 days,” read a Thursday afternoon statement from Twitter’s support account.
We reached out to Twitter in an attempt to determine how many accounts have been affected by the move; however, a Twitter spokesperson declined to provide a number. The number is likely to be high, though. In addition to everyone who typically changes their password during a month, at least some percentage of Twitter’s more than 300 million monthly users (Twitter now reports its user base as “monetizable daily active use,” which is different) took the entirely appropriate precaution of attempting to change their passwords on Wednesday as the scale of Twitter’s compromise became clear.
It affected at least one Mashable reporter, senior features writer Rebecca Ruiz, who is still locked out of her account as of this writing.
That Twitter, in addition to preventing verified accounts from tweeting for several hours, felt the need to completely freeze account access for a vast swath of its users speaks to the seriousness of the hack.
Speaking of which, screenshots purporting to show Twitter’s backend admin tool started circulating on the internet yesterday. The possibility that outsiders gained access to an internal Twitter tool aligns with the company’s recent public-facing statements.

Credits: Screenshot of the alleged Twitter panel
“We have detected what we believe is a coordinated social engineering attack by individuals with access to internal systems and tools that successfully targeted some of our employees,” the company announced late Wednesday night.
When asked if the screenshots were legit, and related to Wednesday’s incident, an otherwise uncommunicative Twitter spokesperson would not comment. Independent reporting by Motherboard and by Krebs on Security, however, suggests that the screenshots are of actual backend Twitter panels that were involved in Wednesday’s hack.
Dan Tentler, executive founder of security company Phobos Group, explained over email that, given the seriousness of the breach, things could have been much worse — for Twitter, its users, and everyone else.
“For attackers to gain access like this and use it to further a bitcoin scam? It says a lot about the nature of the attackers,” he wrote. “If I was [James Bond villain] Mr. Blofeld in this role-play, and I got access like this? Let’s just say that in terms of a list of what to do ‘scamming people out of bitcoin’ wouldn’t even be on the same planet.”
Twitter, for its part, wants all users who are now locked out of their accounts to know that it hasn’t forgotten about them.
“We are working to help people regain access to their accounts as quickly as possible if they were actively locked out,” the company announced Thursday afternoon. “This may take additional time as we are taking additional steps to confirm that we are providing access to the correct owner.”
And, hey, getting temporarily locked out of an account, while incredibly frustrating, is better than losing it or having it abused by hackers. But still, it would have been nice if Twitter had managed to close that barn door a little quicker.