Date: 2020-07-20

Even more striking: The hackers were able to download a wide swath of information – including an archive that contains direct messages, tweets and profile information – for eight accounts. None of these were verified users, the company said.

The findings underscore that the attackers' actions went beyond simply posting similar messages directing Twitter users to send money to cryptocurrency accounts, as Rachel Lerman, Joseph Marks and I detailed last week. However, a law enforcement official told Rachel that the attack does not appear to be politically motivated and was focused on the fraud scheme.

The revelations raise new questions about the security of personal data on Twitter.

The highly sensitive information the hackers had access to could be leveraged in far more sinister ways. If the attackers obtained direct messages, for instance, they could leak them to embarrass public figures or create chaos during a major event, or, say, the presidential election.

Even though the hackers were not able to obtain the direct messages of the public figures – who all have verified accounts – using the tool Twitter identified, they may have obtained them using other means during the heist. Twitter says its investigation remains ongoing, and it declined to comment beyond the blog post.

Another risk: Details such as phone numbers and email addresses for powerful individuals – such as former president Barack Obama or Washington Post owner and Amazon chief executive Jeff Bezos, who were also targeted – could be leveraged to conduct other online scams.

The incident could increase pressure for Twitter to encrypt direct messages.

Sen. Ron Wyden is calling on Twitter to adopt tougher security measures to ensure the messaging feature isn't abused by hackers or employees. The Oregon Democrat said that Twitter chief executive Jack Dorsey told him during a 2018 meeting that Twitter was working on end-to-end encrypted direct messages, but that feature has never materialized.

“While it still isn't clear if the hackers behind [Wednesday's] incident gained access to Twitter direct messages, this is a vulnerability that has lasted for far too long, and one that is not present in other, competing platforms,” Wyden said in a statement. “If hackers gained access to users' DMs, this breach could have a breathtaking impact, for years to come.”

The social network’s rocky record on data security is under new scrutiny.

Dorsey’s own Twitter account was hacked less than a year ago. Other prominent brands have fallen victim to attacks, including many National Football League organizations earlier this year. And there has already been scrutiny of the broad access Twitter employees have to accounts, sparked by an incident several years ago when a departing employee deleted President Trump’s account.

Now the FBI will lead a federal inquiry into the hack, and Gov. Andrew M. Cuomo (D) directed New York state to start its own probe, as Rachel reported.

Washington lawmakers — including Sen. Josh Hawley (R-Mo.), Sen. Ed Markey (D-Mass.) and Sen. Richard Blumenthal (D-Conn.) — have also pressed Twitter for more details about the incident.

Twitter remains under an order with the Federal Trade Commission, due to previous privacy lapses. The FTC has declined to comment on the incident, but former agency officials say the recent hack could be grounds for it to open a fresh probe into Twitter.

Twitter has promised to be transparent about its investigation, and it said it was further securing its systems to prevent future attacks. It’s also increasing security training for its employees, as the company’s initial findings suggest some of its employees fell victim to a social engineering attack.

“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry,” the company wrote in the blog post.

Early reports suggest a group of young people carried out the attack.

A new report from the New York Times indicates that the hack was the work of a group of young people, including one who still lives at home with his mom. The Times interviewed four people who participated in the breach, who said they got to know each other because of their interest in early or unusual screen names, especially with one character, such as @6.

A user named “Kirk” claimed to work at Twitter and had access to powerful insider tools that allowed him to take control of almost any Twitter account. However, other hackers involved in the incident do not believe Kirk actually worked for the company because of how much damage he was willing to inflict. Kirk's identity and motivation remain a mystery to even the people who worked with him.

Our top tabs

The Trump campaign is attacking TikTok for allegedly spying on users in new ads.

The campaign has posted more than 100 versions of Facebook ads accusing the Chinese company of monitoring data copied by users' phones, Donie O'Sullivan at CNN reports.

The ads directed Facebook users to sign a petition banning TikTok. From The New York Times's Taylor Lorenz:

Facebook removed one of the ads with a checkbox graphic for violating its policy against graphics with nonexistent features.

"We get that election rhetoric gets heated, which is why we don't accept political ads on our platform. What's more interesting is that Facebook is taking money for a political ad that attacks a competitor just as it's preparing to launch a TikTok copycat," a TikTok representative told CNN.

TikTok's access to users' clipboards, which store copied data such as passwords, sparked security concerns last month. TikTok said it used the access to prevent spammy behavior but discontinued the feature shortly after the backlash.

The White House's threat to ban the app, which is owned by China's ByteDance, is the latest step in Trump's push against the alleged security threats of Chinese technology. Trump has accused TikTok of sharing user data with the Chinese government. TikTok has repeatedly said the Chinese government has not asked it for data, and it would not comply if it did.

The administration has also gone after other Chinese tech companies for alleged spying, including telecommunications firm Huawei. TikTok recently put on hold plans to build a headquarters in London following a similar clash between the United Kingdom and Huawei, the Guardian reports.

This isn't the first time Trump has run ads against social media platforms. His campaign ran an ad earlier this month slamming Snap and Twitter for allegedly censoring conservative voices.

Disney is the latest company to slash advertising on Facebook.

The company is one of Facebook's biggest clients, underscoring the rising tensions between the social network and advertisers over its handling of harmful or hateful content. Disney expressed concerns with Facebook's enforcement of policies for hate speech and other incendiary content, Suzanne Vranica at the Wall Street Journal reports.

Disney spent $210 million on ads for its Disney Plus streaming in the first half of the year, making it Facebook's biggest advertising client. Last year it was Facebook's second-biggest advertising client.

Disney also paused spending on Instagram for streaming service Hulu and is reevaluating spending in other divisions, Suzanne reports.

Disney did not publicize the cuts or express participation in the ongoing organized boycott against Facebook by advertisers.

Facebook met with organizers of the boycott, known as the #StopHateForProfit campaign, earlier this month to discuss their concerns.

Increased reliance on foreign students has put tech companies at odds with the Trump administration.

The number of foreign students hired by tech companies is nearly six times greater than a decade ago, Kira Tebbe reports for OneZero.

The top five tech companies were granted more than 30 percent of the 85,000 visas allotted for skilled foreign workers last year. For some companies, the ability to hire foreign workers has been key to rapid growth: The number of workers hired under the H-1B visa at Amazon grew from 523 in 2010 to 8,585 last year.

But Trump's attacks on foreign workers have put that growth at risk. Last month major tech companies and industry groups blasted Trump's order to block H-1B visas until the end of the year. They argued that shutting out foreign talent would hurt U.S. innovation.

Last week, 19 tech companies and industry groups including Google, Facebook and Microsoft signed an amicus brief in support of a lawsuit by Harvard and MIT to halt a policy that would have barred international students from staying in the United States if their universities didn't host physical classes. The administration reversed the policy, settling the lawsuit.

Rant and rave

A picture of Mark Zuckerberg surfing with a lot of sunscreen took Twitter by storm yesterday.

Some users defended his skin protection:

And he appeared to be using sunscreen that was safe for the coral reef. The New York Times's Sheera Frenkel:

Twitter's Nick Pacilio pointed out that the real focus should be on the fact that Zuckerberg was riding an extremely expensive electric surfboard in a state where locals have accused him of forcing them off their land.

Trump tracker

Twitter removed a tweet shared by Trump over a copyright complaint.

The video, first shared by White House deputy chief of staff for communications Dan Scavino, depicted a montage of Trump's inauguration speech set to the Linkin Park song “In the End.” But the band said it didn't approve the usage and sent a cease and desist request, the Verge reports. Twitter confirmed Sunday it removed the video for a copyright violation.

Agency scanner

The FTC is considering deposing top Facebook officials in its antitrust probe.

Facebook executives including chief executive Mark Zuckerberg and Chief Operating Officer Sheryl Sandberg are preparing for the agency to request sworn testimony, the Wall Street Journal reports. The agency did not depose executives in its previous probe into the company's privacy practices.

Workforce report

Drivers are slamming Lyft for trying to sell them masks and clear partitions.

Lyft announced Friday that it would provide free clear partitions for about 60,000 drivers, CNBC reports. But that leaves more than 1 million other drivers to purchase their own.

Drivers criticized the ride-hailing company for opening an online shop to sell partitions and other safety equipment rather than providing it free to drivers.

Gig Workers Rising compared the tactic to hospitals charging nurses for protective equipment:

Daybook

The Senate Commerce subcommittee on manufacturing, trade, and consumer protection will hold a hearing on protecting Americans from coronavirus scams on July 21 at 2:30 p.m.
