Terminology clarification:
The accounts are not being individually hacked as traditionally reported.

The Twitter authorization system is being hacked or employee access abused for Account Takeover.

You could argue this is semantics, but at least to me there is a difference.
Note the email addresses change. Twitter has no reason to give employees native access to impersonate users.
Accounts are being stolen, auth tokens generated, and tweeted from. Note how legitimate users still have tokens to delete tweets. Not a clean hit. https://twitter.com/sniko_/status/1283485972286656517
All platforms of this size eventually have this problem. Twitter has had it plenty of times before – but they’re reported through a bug bounty program/sold for spying, not used to scam Bitcoin. This is nothing novel; it’s just visible. You should operate assuming these things.
Note: This analysis is only what’s highly likely; it’s not based on any internal knowledge or hard rules about how this works. I’m just posting thoughts that could be wrong.
Without internal knowledge at Twitter of how this attack is happening or what other support systems are coincidentally degraded, it’s easy to say what they should do. We’ll just have to wait. No plan of action survives contact with the enemy.
This may be a coincidence, but @DylanReeve (a VIT account, like VIP for Twitter) appears to have hit some security guardrail Twitter just set up. Again, we can’t see the fire they’re fighting or how they’re doing it.
Update (thanks @ThreeFDDI).
See, this is the kind of Panic Button they likely had planned or already in place. Twitter has been doing Twitter for a very long time. https://twitter.com/twittersupport/status/1283526400146837511
Update: Internal reporting agrees with the early assessment that it was account takeover via an admin tool, though there are still questions I have and likely plenty of specific details coming in a requested congressional response. https://twitter.com/zackwhittaker/status/1283594532140056576
I want Twitter to do better, but I’ve also been in that room with attackers in your infrastructure benefiting from fog of war and degraded staff communications, and known anyone who hadn’t lived it would criticize it. I’ll hold my tongue until we actually know confounding factors.
Twitter posted an update. https://twitter.com/twittersupport/status/1283591844962750464
You can follow @SwiftOnSecurity.