Twitter Inc. has stepped up its search for its chief information security officer in recent weeks, two people familiar with the matter told Reuters, after a celebrity account intrusion on Wednesday raised concerns about the security of the platform, Reuters reported. The San Francisco branch of the FBI, which is leading the investigation into the Twitter hack, said in a statement that more Washington lawmakers are demanding clarification of what happened.
Law enforcement agencies say hackers have committed cryptocurrency fraud after seizing control of the Twitter accounts of celebrities and politicians, including Joe Biden, Kim Kardashian, Barack Obama and Elon Musk. A day after the breach, Twitter said there was no evidence that the attacker scored the password, but it was unclear whether the hacker would be able to see private messages sent by the account holder.
In a statement, the company said it was continuing to lock in accounts that had changed its passwords in the past month, but said “we believe that only a small proportion of those locked-in accounts have been compromised.” Twitter declined to comment on the search for a chief information security officer.
To show how unnerved U.S. lawmakers is, democrats and Republicans alike have shown a rare bipartisan consensus that Twitter must better explain how security breaches occur and what it is doing to prevent future attacks. “This hackisisisisisis is an ominous sign for the November vote,” Democratic Senator Richard Blumenthal said in a statement, denouncing Twitter’s “repeated security breaches that fail to secure the account.”
Jim Jordan, a Republican on the House Judiciary Committee, took a similar view, asking what would happen if Twitter allowed a similar incident to happen on November 2, the day before the U.S. presidential election. As of Thursday afternoon, Jordan said, his Twitter account was still being locked.
White House spokesman Kayleigh McEnany said U.S. President Donald Trump, a frequent Twitter user who regularly tweets, plans to continue tweeting and that his account was not compromised during the attack. She said the White House “has been in touch with Twitter for the last 18 hours” to secure Trump’s Twitter account.
Twitter said the hackers targeted employees who had access to its internal systems and “used this permission to control a number of high-profile, including verified, accounts.”
Other celebrity accounts hacked include rapper Kanye West, Amazon founder Jeff Bezos, investor Warren Buffett, Microsoft co-founder Bill Gates, and corporate accounts for Uber and Apple.
The company, which has not had a security chief since December, said the hackers carried out “coordinated social engineering attacks” on its employees. Some security experts who have studied the hack from outside believe that multiple participants may be involved. Their theory is that access to employee tools should have been more closely monitored, but spread among those interested in prestige accounts to show off their rights or money. It may spread further.
In the course of investigating the incident, Twitter took a very unusual step of temporarily blocking many verified accounts from posting messages. The hijacked accounts posted messages on Twitter telling users to send bitcoins. Publicly available blockchain records show that apparent fraudsters received cryptocurrencies worth more than $100,000.
As of Thursday, Twitter continued to block tweets containing the Bitcoin address used by the scammers. Facebook appeared to temporarily activate a similar security feature on its Messenger service on Wednesday, but did not respond to a query about whether it was also targeted.
Twitter CEO Jack Dorsey said Wednesday that it was a “tough day” for everyone on Twitter and promised that “when we have a fuller picture of what’s going on, we’ll share everything.” Dorsey’s assurances have not allayed Washington’s concerns about social media companies whose policies have been censored by critics on the left and right.
Frank Pallone, a Democrat who chairs the House Energy and Commerce Committee, said the company needed to explain how the hacks happened. The House Intelligence Committee has been in contact with Twitter about the hack.