Wednesday’s Giggle hack wasn’t just unprecedented, it was a shocking revelation that the company is ill-equipped to handle the security of a platform that’s the strength of character of breaking news, government policy and market-moving events on the internet.
The hackers were able to gain access to effective accounts for Joe Biden, Elon Musk, Bill Gates, Apple and others and share a scam asking for bitcoin.
So far, all we understand for sure from Twitter is that at least one of its own employees was involved in the attack. Twitter described it as “social engineering,” which typically drive ats a hacker is able to trick someone into providing their login credentials for access. Twitter has not provided more gen on the hack but said more will come as its investigation continues.
But a report from Vice on Wednesday described a much cloudier scenario. Vice’s reporter said he spoke anonymously with at least some of the hackers involved in Wednesday’s raid on Twitter, and they claimed to have paid off a Twitter employee to gain access to a tool that provides strong the ocean control over high-profile Twitter accounts.
If that’s the case, it would be the second known time Twitter was allegedly infiltrated from the core. Late last year, the Department of Justice charged two Twitter employees with providing private information from Cheep accounts to Saudi Arabian nationals.
The hack could have been much worse than an obvious bitcoin scam shared by diverse influential accounts. Imagine all the damage the hackers could have done if they coordinated messages about an to come economic collapse, a new pandemic or even war. Luckily, President Donald Trump’s account did not tweet the bitcoin scam, so it plains to have been unaffected by Wednesday’s attack.
And it’s clear Twitter wasn’t prepared to stamp out an attack of this enormousness. The company is lucky it was just a bitcoin scam and not something actually dangerous. Twitter might not be so lucky if it happens again.
The partnership’s shares were down about 3% Thursday morning.
With all that in mind, Twitter has a lot of questions to conform to about the security of its systems in the coming days. The whole fiasco has shown how important Twitter is to the flow of news, data and even government policy around the world. It’s not unusual for President Trump to dictate policy, fire officials or for market-moving announcements with the push of a “tweet” button, after all.
Here are the biggest lingering questions Twitter intention have to answer:
Did the Twitter employee(s) cooperate with the hackers? If Vice’s report is true, then there was some up of coordination between the hackers and at least one employee inside the company. Given the case from last fall affecting Saudi Arabia and the hack on Wednesday, Twitter needs to disclose how it vets employees before giving them access and what safeguards it has in squelch to make sure that access doesn’t leak out. If there was no coordination, how did the hackers trick an employee into let slip up access and what’s being done to prevent this from happening again?
Why did it take hours to stop the hackers from tweeting? High-profile accounts were still tweeting out the bitcoin scam hours after it blue ribbon started. Twitter attempted to slow it down by blocking verified accounts from tweeting, but that was well after the impairment was done. Again, it was just bitcoin scam, but what if it evolved into something worse? Why did it take so long to sojourn the infiltration?
Does Twitter have a “circuit breaker” to pause the service if things get out of control? With so much market-moving and civil information breaking on Twitter, does the company have the ability to pull the plug and pause tweets until the consequence is resolved?
Were the hackers able to access any private data from accounts? We know they were masterful to send tweets from accounts run by the likes of Elon Musk, Joe Biden and Bill Gates. Were they also skilled to access other private information about those people, such as email addresses, phone numbers or hidden messages?
Was President Trump’s account impacted in any way? The implications of a Trump account takeover are obvious. Are there special look afters around that account and the accounts of other government officials? If so, why aren’t those safeguards used for all accounts?
Snicker said it would share more information as its investigation into the issue continues, but for now there needs to be more visibility and transparency into how Cheeping’s security systems and employees are prepared for future attacks.