enterprise| enterpriseauthorTom KrazitNoneAre you keeping up with the latest cloud developments? Get Tom Krazit and Joe Williams' newsletter every Monday and Thursday.d3d5b92349
×

Get access to Protocol

I’ve already subscribed

Will be used in accordance with our Privacy Policy

Power

Hackers took over Twitter after 'a coordinated social engineering attack' on employees

The accounts of Jeff Bezos, Tim Cook, Bill Gates, Elon Musk, Joe Biden and many more were compromised. But a lot of unanswered questions remain.

Hackers took over Twitter after 'a coordinated social engineering attack' on employees

"You may be unable to Tweet or reset your password while we review and address this incident," tweeted the official Twitter Support account.

Image: Protocol

Twitter acknowledged Wednesday evening that a third party was able to target its employees with "social engineering" techniques to gain control of the accounts of some of its most prominent users, uncorking a Bitcoin scam and sending the internet into a tizzy for several hours.

"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," Twitter said through its Twitter Support account hours after the first hijacked tweets were sent. "We know they used this access to take control of many highly visible (including verified) accounts and Tweet on their behalf."

The accounts of Jeff Bezos, Tim Cook, Bill Gates, Elon Musk, Joe Biden, Kanye West, Kim Kardashian-West and a number of other major figures in tech, media and politics began tweeting out the same message midafternoon on the West Coast, urging their combined tens of millions followers to donate thousands of dollars in Bitcoin to a mystery account.

Shortly thereafter, verified users lost the ability to post. Unverified users began celebrating with tweets and GIFs. "The revolution will be unverified," one Twitter user wrote.

The block on verified accounts prevented major news organizations, federal agencies, police departments and state governments from tweeting out information.

Most of the messages, which began with the phrase "I am giving back to the community," promised to double the donations of anyone who sent Bitcoin to a particular wallet. Within hours, more than 300 people had sent more than $110,000.

More than an hour after the hacks began, scam tweets were still being sent from the accounts of additional celebrities. "We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely," Twitter Support said late Wednesday.

A key question Twitter will need to answer in the coming days and weeks is not just how this breach occurred, but also how much access the hackers had to those users' accounts. The collateral damage could be infinitely larger, for instance, if the hackers had a window into these people's direct messages.

"Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues," Twitter Support said late Wednesday.

The Biden campaign told Protocol in a statement, "Twitter locked down the account immediately following the breach and removed the related tweet. We remain in touch with Twitter on the matter." The campaign didn't immediately respond to a question about whether it had two-factor authentication enabled.

Shortly after the breach, Republican Sen. Josh Hawley of Missouri sent a letter to Twitter CEO Jack Dorsey demanding answers about the scope of the damage and asking Dorsey to contact the Department of Justice and the Federal Bureau of Investigations for help looking into the matter. "I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself," the letter reads. "A successful attack on your system's servers represents a threat to all of your users' privacy and data security."

Twitter CEO Jack Dorsey addressed the hack in a tweet earlier Wednesday evening, but it didn't explain much. "Tough day for us at Twitter," Dorsey wrote. "We all feel terrible this happened. We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened." He ended with a blue heart emoji for "our teammates working hard to make this right."

Update: This post was updated at 8:15 p.m. PT with more information from Twitter Support.

People

Expensify CEO David Barrett: ‘Most CEOs are not bad people, they're just cowards’

"Remember that one time when we almost had civil war? What did you do about it?"

Expensify CEO David Barrett has thoughts on what it means for tech CEOs to claim they act apolitically.

Photo: Expensify

The Trump presidency ends tomorrow. It's a political change in which Expensify founder and CEO David Barrett played a brief, but explosive role.

Barrett became famous last fall — or infamous, depending on whom you ask — for sending an email to the fintech startup's clients, urging them to reject Trump and support President-elect Joe Biden.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.

Doxxing insurrectionists: Capitol riot divides online extremism researchers

The uprising has sparked a tense debate about the right way to stitch together the digital scraps of someone's life to publicly accuse them of committing a crime.

Rioters scale the U.S. Capitol walls during the insurrection.

Photo: Blink O'faneye/Flickr

Joan Donovan has a panic button in her office, just in case one of the online extremists she spends her days fighting tries to fight back.

"This is not baby shit," Donovan, who is research director of Harvard's Shorenstein Center on Media, Politics and Public Policy, said. "You do not fuck around with these people in public."

Keep Reading Show less
Issie Lapowsky
Issie Lapowsky (@issielapowsky) is a senior reporter at Protocol, covering the intersection of technology, politics, and national affairs. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing. Email Issie.
Politics

Trump got all he needed from Twitter. Now, he still has all the power.

President Trump used Twitter to become the most powerful man in the world. Now, that power is his to keep.

Trump became the most powerful man in the world thanks to Twitter. Now that he's banned, he'll take that power with him.

Photo: Joshua Hoehne/Unsplash

On Friday night, Twitter announced that it was forever banning President Trump from the digital podium where he conducted his presidency and where, for more than a decade, he built an alternate reality where what he said was always the truth.

There are moral arguments for not doing business with the guy who provoked a violent mob to invade the U.S. Capitol, leaving several people dead. There have been moral arguments for years for not doing business with the guy who spent most of his early mornings and late nights filling the site with a relentless stream of pithy, all-caps conspiracy theories about everything from Barack Obama's birthplace to the 2020 election. There are also moral arguments against tech companies muzzling the president of the United States at all.

Keep Reading Show less
Issie Lapowsky
Issie Lapowsky (@issielapowsky) is a senior reporter at Protocol, covering the intersection of technology, politics, and national affairs. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing. Email Issie.
Power

Pressure mounts on tech giants to ban Trump, as rioters storm Capitol

Facebook, Twitter and YouTube removed a video in which Trump expressed love for the rioters, but none of the companies have banned him outright — yet.

Twitter locked President Trump's account.

Image: Twitter

Twitter, Facebook and YouTube took action against several of President Trump's posts Wednesday, labeling the posts, limiting reshares and removing a video in which President Trump expressed his love for rioters who stormed the U.S. Capitol building, leading to the evacuation of the Senate, the deployment of the National Guard and to one person being shot and killed. Twitter locked President Trump's account, requiring him to remove three tweets and saying that his account would remain locked for 12 hours after those tweets were removed. Twitter also warned that any future violations would get him banned. Facebook also locked his account for 24 hours, citing "two policy violations." These actions followed a day of calls from tech investors, academics and others to kick Trump off of their platforms once and for all.

In an early tweet, University of Virginia law professor Danielle Citron implored Twitter CEO Jack Dorsey to take action. "As someone who has served on your Trust and Safety Board since its inception and counseled you since 2009, time is now to suspend President Trump's account," Citron wrote. "He has deliberately incited violence, causing mayhem with his lies and threats."

Keep Reading Show less
Issie Lapowsky
Issie Lapowsky (@issielapowsky) is a senior reporter at Protocol, covering the intersection of technology, politics, and national affairs. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing. Email Issie.
Politics

Here’s how Big Tech is preparing for regulations in 2021

Companies know that the heat is only going to increase this year.

2021 promises to be a turbulent year for Big Tech.

Photo: Ting Shen/Getty Images

The open internet. Section 230. China. Internet access. 5G. Antitrust. When we asked the policy shops at some of the biggest and most powerful tech companies to identify their 2021 policy priorities, these were the words they had in common.

Each of these issues centers around a common theme. "Despite how tech companies might feel, they've been enjoying a very high innovation phase. They're about to experience a strong regulation phase," said Erika Fisher, Atlassian's general counsel and chief administrative officer. "The question is not if, but how that regulation will be shaped."

Keep Reading Show less
Anna Kramer

Anna Kramer is a reporter at Protocol (@ anna_c_kramer), where she helps write and produce Source Code, Protocol's daily newsletter. Prior to joining the team, she covered tech and small business for the San Francisco Chronicle and privacy for Bloomberg Law. She is a recent graduate of Brown University, where she studied International Relations and Arabic and wrote her senior thesis about surveillance tools and technological development in the Middle East.

Latest Stories