There have been significant developments in the Twitter hack that saw the takeover of many high-profile accounts, including Apple, Joe Biden, Elon Musk, Jeff Bezos, Bill Gates, Mike Bloomberg, Kanye West, Uber, Floyd Mayweather, Warren Buffett, and Barack Obama.
Twitter said yesterday that the passwords were not compromised, but later blocked all accounts where there was an attempt to change the password in the last 30 days …
More blocked accounts
The official Twitter support account says this is purely precautionary, but the move suggests that the company is less than confident in its understanding of what might have happened during the attack.
We have no evidence that the attackers accessed the passwords. Currently, we do not believe it is necessary to reset your password.
As a precaution, and as part of our response to yesterday’s incident to protect people’s safety, we took the step of blocking any account that has attempted to change the account password in the past 30 days. […]
If your account was blocked, this does not necessarily mean that we have evidence that the account was compromised or accessed. So far, we believe that only a small subset of these blocked accounts was compromised, but we are still investigating and will inform those affected.
We are working to help people regain access to their accounts as soon as possible if they were proactively blocked. This may take longer as we are taking additional steps to confirm that we are granting access to the rightful owner.
Why wasn’t Donald Trump’s account hacked?
Twitter has revealed that a total of 130 accounts were targeted in the attack. It has not indicated how many of these accounts were successfully taken over.
With hackers capable of taking over so many high-profile accounts, including former President Barack Obama, it seems surprising that Trump’s account has not been affected.
However, a New York Times piece says that there are additional safeguards protecting his account.
President Trump’s account was unaffected by the breach, Kayleigh McEnany, White House press secretary, said Thursday. The Trump account gained additional protection after past incidents, according to a senior administration official and a Twitter employee, who would speak only anonymously because security measures were private.
As expected, details of these safeguards were not disclosed.
A possible suspect has been identified
Security journalist Brian Krebs has identified a possible suspect.
Twitter account @shinji was tweeting screenshots of internal Twitter tools […] Cached copies of @Shinji’s tweets before Wednesday’s attack on Twitter are available here and here from the Internet Archive. Those caches show that Shinji claims ownership of two OG accounts on Instagram: “j0e” and “dead.”
KrebsOnSecurity heard from a source who works security at one of the largest mobile phone operators based in the United States, who said that the “j0e” and “dead” Instagram accounts are linked to a notorious SIM exchanger that receives the nickname “PlugWalkJoe”. Investigators have been tracking PlugWalkJoe because he is believed to have been involved in multiple SIM swap attacks during the years that preceded the high dollar bitcoin thefts. […]
The profile picture in the other Archive.org index of the Twitter account @shinji […] is the same image as the one included in Wednesday’s @Shinji screenshot where Joseph / @Shinji was tweeting photos from Twitter’s internal tools.
This individual, the source said, was a key participant in a group of SIM exchangers who adopted the nickname “ChucklingSquad,” and was thought to be behind the hijacking of CEO Jack Dorsey’s Twitter account last year.
The mobile industry security source told KrebsOnSecurity that PlugWalkJoe in real life is a 21-year-old from Liverpool, UK. [Krebs names the suspect, but we have not done so here to avoid compromising any legal proceedings which may follow.]
The source said PlugWalkJoe is in Spain, where he was attending a university until earlier this year. He added that PlugWalkJoe has been unable to return home due to travel restrictions due to the COVID-19 pandemic […]
PlugWalkJoe was the subject of an investigation in which an investigator was hired to strike up a conversation with PlugWalkJoe and convince him to accept a video chat. The source further explained that a video they recorded of that chat showed a distinctive pool in the background.
According to the same source, the group that appears on PlugWalkJoe’s Instagram account (instagram.com/j0e) is the same group that they saw in their video chat with him.
It is still unclear whether the DMs were compromised
It is unclear whether direct messages were accessed.
Twitter confirmed in 2018 that a “limited number” of employees can read direct messages, but denied claims that this was done routinely.
The tools that the hacker was able to use would also be limited to a small number of employees, but it is not known if they are the same ones that allow access to DMs. The NYT quotes a security expert in what must be the understatement of the month.
Experts believe that, depending on how long hackers have had administrative access, there could be more consequences.
“What you saw on Wednesday was probably not the end of the incident,” said Alon Gal, chief technology officer for Hudson Rock, a cybersecurity intelligence firm that has been investigating the attack. “If they have access to direct messages, this is not over.”
While techies will be aware that DMs don’t use end-to-end encryption, so they’re not a good place to discuss sensitive issues, most would assume that private messages are, well, private. The potential gold mine of information that could be gathered from such prominent accounts is enormous.
Google removes Twitter carousel from search results
Search Engine Land notes that Google responded to the hack by making sure tweets were less prominent in search results.
Google has removed the prominent Twitter carousel from Google’s search results pages after many major Twitter accounts were hacked yesterday. If you missed the hacking news from Twitter, you can read it on Techmeme. But this news caused Google to completely remove Twitter carousel boxes from their search results pages.
The Twitter search carousel box not only disappeared for those accounts that were hacked, it disappeared for any Twitter account. Google has confirmed that it has completely removed the box from the search results.
Of course, there will be much more to come in this story.
Photo: Pxhere