Reuters had previously reported that the FBI would launch an investigation into the hack. Twitter did not respond to a request for comment on the investigation.
The FBI investigation is now one of multiple investigations into the incident, which has come under scrutiny by various officials. New York Governor Andrew Cuomo also announced an investigation into the attack. Cuomo said the hack was “deeply troubling and raises concerns about the cybersecurity of our communications systems.”
Several members of Congress have also expressed their concern. Missouri Senator Josh Hawley sent a timely letter to Twitter CEO Jack Dorsey in the hours immediately following the attack, and several House Republicans have said Dorsey should report to Congress on the company’s security practices and events leading up to the attack.
So far, Twitter has provided relatively little detail on how the attacks happened. The company attributed them to a “social engineering attack” that targeted employees with access to internal tools that could grant access to the accounts. The company has not directly commented on speculation that an employee was paid to assist in the attack. Twitter also said that it does not believe users’ passwords have been compromised.
Regardless of the hackers’ methods, the fact that so many influential accounts, including those of a former president and a current presidential candidate, were compromised raises serious questions about Twitter’s security practices. The company has previously dealt with employees using their position to improperly access accounts, including a rogue contractor who temporarily deactivated Donald Trump’s account and former employees who were accused of spying for Saudi Arabia.
As many have pointed out, the latest attacks could have been much worse than even those incidents. Hackers with access to some of the most influential accounts and their millions of followers could easily have done more than try to scam unsuspecting users out of cryptocurrency. And the fact that attackers had access to these accounts probably means that direct messages from users were also accessible. If that’s the case (Twitter hasn’t indicated whether direct messages were affected), then it’s possible that hackers could wreak even more havoc than they already have.