Twitter said users’ passwords weren’t stolen in a widespread digital attack Wednesday, despite the fact that hackers were able to send tweets from several high-profile accounts. “We have no evidence that attackers accessed passwords,” Twitter said in an update Thursday. “Currently, we don’t believe resetting your password is necessary.”
Some people who changed their passwords in the past 30 days may still be blocked from accessing their accounts, the company said, but that doesn’t mean those accounts were compromised. The hack on Wednesday affected some of the world’s most recognisable people, including Democratic presidential candidate Joe Biden, former President Barack Obama, and Tesla Chief Executive Officer Elon Musk. Those who gained the access to the accounts used them to attempt a bitcoin scam, sending tweets asking for people to give them money in exchange for a bigger payment in return.
Twitter said on Wednesday evening that the hack was part of a “coordinated social engineering attack” that targeted Twitter employees. It granted hackers access to some of the company’s internal systems, and then high-profile user accounts, the company said. That forced Twitter to temporarily halt verified accounts from sending any tweets.
Twitter said it would take “significant steps to limit access to internal systems and tools while our investigation is ongoing.” Twitter is still probing how the attack was carried out and has not disclosed if any other information related to the accounts, such as data like private messages, was compromised.
US politicians quickly called on Twitter to share more information. “The ability of bad actors to take over prominent accounts, even fleetingly, signals a worrisome vulnerability in this media environment,” said Democratic Senator Mark Warner, vice chairman of the Intelligence Committee, and one of the tech industry’s most vocal critics. The Federal Bureau of Investigation is also investigating the hack.