Showing results for tags 'twitter'.
Found 114 results

  1. How the Alleged Twitter Hackers Got Caught

     Bitcoin payments and IP addresses led investigators to two of the alleged perpetrators in just over two weeks.

     On July 15, a Discord user with the handle Kirk#5270 made an enticing proposition. “I work for Twitter,” they said, according to court documents released Friday. “I can claim any name, let me know if you’re trying to work.” It was the beginning of what would, a few hours later, turn into the biggest known Twitter hack of all time.

     A little over two weeks later, three individuals have been charged in connection with the heists of accounts belonging to Bill Gates, Elon Musk, Barack Obama, Apple, and more—along with nearly $120,000 in bitcoin. Friday afternoon, after an investigation that included the FBI, IRS, and Secret Service, the Department of Justice charged UK resident Mason Sheppard and Nima Fazeli, of Orlando, Florida, in connection with the Twitter hack. A 17-year-old, Graham Ivan Clark, was charged separately with 30 felonies in Hillsborough County, Florida, including 17 counts of communications fraud. Together, the criminal complaints filed in the cases offer a detailed portrait of the day everything went haywire—and how poorly the alleged attackers covered their tracks. All three are currently in custody.

     Despite his claims on the morning of July 15, Kirk#5270 was not a Twitter employee. He did, however, have access to Twitter’s internal administrative tools, which he showed off by sharing screenshots of accounts like “@bumblebee,” “@sc,” “@vague,” and “@R9.” (Short handles are a popular target among certain hacking communities.) Another Discord user who went by “ever so anxious#0001” soon began lining up buyers; Kirk#5270 shared the address of a Bitcoin wallet where proceeds could be directed. Offers included $5,000 for “@xx,” which would later be compromised.

     That same morning, someone going by “Chaewon” on the forum OGUsers started advertising access to any Twitter account. In a post titled “Pulling email for any Twitter/Taking Requests,” Chaewon listed prices of $250 to change the email address associated with any account, and up to $3,000 for account access. The post directs users to “ever so anxious#0001” on Discord; over the course of seven hours, starting at around 7:16 am ET, the “ever so anxious#0001” account discussed the takeover of at least 50 user names with Kirk#5270, according to court documents. In that same Discord chat, “ever so anxious#0001” said his OGUsers handle was Chaewon, suggesting the two were the same individual.

     Kirk#5270 allegedly received similar help from a Discord user going by Rolex#0373, although that person was skeptical at first. “Just sounds too good to be true,” he wrote, according to chat transcripts investigators obtained via warrant. Later, to help back up his claim, Kirk#5270 appears to have changed the email address tied to the Twitter account @foreign to an email address belonging to Rolex#0373. Like Chaewon, Rolex#0373 then agreed to help broker deals on OGUsers—where his user name was Rolex—with prices starting at $2,500 for especially sought-after account names. In exchange, Rolex got to keep @foreign for himself.

     By around 2 pm ET on July 15, at least 10 Twitter accounts had been stolen, according to the criminal complaints, but the hackers still seemed focused on short or desirable handles like @drug, @xx, and @vampire, rather than celebrities and tech moguls. And the takeovers were an end unto themselves, rather than in service of a cryptocurrency scam. The deals brokered by Chaewon netted Kirk#5270 around $33,000 in bitcoin, according to the criminal complaint; Chaewon took in another $7,000 for his role as intermediary.

     The FBI believes that Rolex is Fazeli, and it charged him with one count of aiding and abetting the intentional access of a protected computer. They believe Sheppard is Chaewon, who is charged with conspiracy to commit wire fraud, conspiracy to commit money laundering, and the intentional access of a protected computer.

     The criminal complaints against Sheppard and Fazeli leave off here. Neither complaint identifies the individual behind Kirk#5270, or explicitly links that account to a named individual. But court documents in Clark's case allege that it was the 17-year-old who had gained access to Twitter’s systems, and who went on to take over the high-profile accounts in service of a bitcoin scam. The Justice Department has referred the case to the Hillsborough State Attorney Office, which is prosecuting Clark, according to the office's website, "because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate."

     “He gained access to Twitter accounts and to the internal controls of Twitter through compromising a Twitter employee,” Hillsborough state attorney Andrew Warren said in a video conference Friday. “He sold access to those accounts. He then used the identities of prominent people to solicit money in the form of bitcoin, promising in return that he would send back twice as much bitcoin.”

     Court documents show approximately 415 payments to the bitcoin wallet associated with the scam, totaling the equivalent of around $177,000. As Twitter confirmed last week, 130 accounts were targeted in all. Attackers successfully tweeted from 45 of the accounts, accessed the direct messages of 36, and downloaded the Twitter data of seven. On Thursday evening, Twitter disclosed that attackers got in through social engineering, specifically through a phone spear-phishing attack that targeted company employees. Court documents don’t provide much more detail than that, and only allege that Clark’s actions date back to on or around May 3.

     It’s also not entirely clear how investigators identified Clark, but the trail that led the FBI to Sheppard and Fazeli has much bigger bread crumbs. On April 2, the administrator of OGUsers announced that the forum had been hacked; a few days later, court documents say, a rival hacking gang put out a download link to a database of user information. It turned out to be quite a trove, full of not just user names and public postings but private messages between users, IP addresses, and email addresses. The FBI says it acquired a copy of the database on April 9.

     The work appears to have been quick from there. In Chaewon’s private messages on OGUsers, investigators say they found an exchange in February where Chaewon was instructed to pay for a videogame by sending bitcoin to a particular address. Activity on that wallet the next day was traced to a cluster of bitcoin addresses that, months later, would be used by “ever so anxious#0001” in his interactions with Kirk#5270. Investigators also used the database to connect Chaewon's account to another OGUsers handle, Mas. Both accounts signed onto the forums from the same IP address on the same day, according to the database leak; agents also found that multiple times between February 11 and 15 of this year, Chaewon posted “IT IS MAS I AM MAS NOT BRY I AM MAS MAS [email protected],” which combined suggest that Chaewon and Mas are owned by the same individual. The Mas account was associated with the email account [email protected], investigators say, which was linked to a Coinbase account tied to Mason Sheppard. The bitcoin addresses associated with Chaewon had also processed numerous exchanges on the cryptocurrency exchange Binance, whose records also tied those accounts to Sheppard. Finally, court documents say that an unnamed juvenile who had allegedly assisted in the scheme told investigators that they knew Chaewon by the name Mason.

     Investigators rely on bitcoin and IP addresses to link Rolex#0373 to Fazeli as well, particularly one October 30, 2018 exchange that was referenced on the OGUsers forums. The Coinbase account involved in that transaction allegedly belonged to “Nim F,” under the email address “[email protected],” the same used to register the Rolex account on OGUsers. The Coinbase account had allegedly been verified with a Florida driver’s license in the name of Nima Fazeli, complete with the driver’s license number. Over time, court documents say, Fazeli would use his real driver’s license to register three separate Coinbase accounts, the third of which was frequently visited from the same IP address as the Rolex#0373 Discord account and the Rolex account on OGUsers.

     “We appreciate the swift actions of law enforcement in this investigation and will continue to cooperate as the case progresses,” Twitter said in a tweeted statement. The FBI's San Francisco Office released a statement Friday indicating that the investigation was still ongoing.

     While the Twitter hack garnered major headlines, the social engineering attack at the heart of it is nothing new. “In terms of the M.O. of breaking into companies and then using the employee tools to perpetuate fraud, that is just another day for these guys,” says Allison Nixon, chief research officer with cybersecurity firm 221B, which assisted the FBI in the investigation. “This exact same M.O. was used against telcos for years prior to this.” Generally, the sort of social engineering used in the Twitter hack avoids legal scrutiny, Nixon says, because it’s considered a low level of attack. That’s obviously no longer the case when your hit list includes a former president and the two wealthiest men in the world.

     It’s also unclear how effective a deterrent these arrests will prove to be in the long run, given how entrenched this particular hacking community has become. If anything, the details in the criminal complaints may instruct future attacks. “Every single cycle of this teaches them to be better,” says Nixon, “because they get to see the evidence against them, and how they get caught.”
  2. Florida teen arrested, charged with being “mastermind” of Twitter hack

     The 17-year-old is facing 30 felony fraud charges.

     A Florida teen has been arrested and charged with 30 felony counts related to the high-profile hijacking of more than 100 Twitter accounts earlier this month. Federal law enforcement arrested Graham Ivan Clark, 17, in Tampa earlier today, the Office of Hillsborough State Attorney Andrew Warren said. The arrest followed an investigation spearheaded by the Federal Bureau of Investigation and the Justice Department.

     "These crimes were perpetrated using the names of famous people and celebrities, but they're not the primary victims here," said Warren. "This 'Bit-Con' was designed to steal money from regular Americans from all over the country, including here in Florida. This massive fraud was orchestrated right here in our backyard, and we will not stand for that."

     A security researcher who has been actively working with the FBI on the investigation into this month's breach told Ars that the hack was the result of painstaking research into Twitter employees, the social engineering of them by phone, and carefully timed phishing. Allison Nixon, chief research officer at security firm Unit 221B, said evidence collected to date shows that Clark and hackers he worked with started by scraping LinkedIn in search of Twitter employees who were likely to have access to the account tools. Using tools that LinkedIn makes available to recruiters, the attackers then obtained those employees’ cell phone numbers and other private contact information. The attackers then called the employees and directed them to a phishing page that mimicked an internal Twitter VPN. Detailed work histories and other employee data the attackers obtained from public sources allowed the attackers to pose as authorized Twitter personnel.

     Work-at-home arrangements caused by the COVID-19 pandemic also prevented the employees from using normal procedures, such as face-to-face contact, to verify the identities of co-workers. With the confidence of the targeted employees, the attackers directed them to a phishing page that mimicked an internal Twitter VPN. The attackers then obtained credentials as the targeted employees entered them. To bypass the two-factor authentication protections Twitter has in place, the attackers entered the credentials into the real Twitter VPN portal within seconds of the employees entering them into the fake one. Once the employee entered the one-time password, the attackers were in.

     According to the charging document (PDF), Clark faces one count of organized fraud, 11 total counts of fraudulent use of personal information, one count of accessing a computer or electronic device without authority, and 17 counts of communications fraud. Clark's prosecution is taking place in Tampa, where he lives, "because Florida law allows minors to be charged as adults in financial fraud cases such as this when appropriate," Warren's office said.

     Two other young adults are also facing charges in relation to the hack, the DOJ announced. Mason Sheppard, a 19-year-old UK resident, and Nima Fazeli of Orlando, Florida, have both been charged in the Northern District of California. Sheppard faces counts of conspiracy to commit wire fraud, conspiracy to commit money laundering, and intentionally accessing a protected computer. Fazeli is charged with aiding and abetting the intentional access of a protected computer.

     This is a developing story and will be updated.
  3. Twitter users in Japan are facing uncertainty after the Supreme Court ruled that people who retweet copyright-infringing images can have their details passed to copyright holders. The case centered around an image that was posted to Twitter without permission and was then retweeted in an automatically cropped format.

     With more than 330 million active users, Twitter is a true internet giant that lets anyone with an internet connection and an account have their say on whatever they like. Whether insightful, provocative, or even thoughtless, the overwhelming majority of tweets cause no legal issues. Every now and again, however, cases can attract the attention of lawyers who believe their clients’ rights have been breached. Of course, copyright infringement is one of the most common issues, and a case in Japan has put Twitter users on notice, not only concerning what they post to the platform but also what they can safely retweet to others.

     The controversy began in 2014 when a photographer found that one of his images featuring a lily had been copied from his website and posted to Twitter without his permission. Additionally, he found that other users had retweeted the image from their own accounts. A Twitter feature meant that the retweeted images were cropped, removing the photographer’s name. The photographer wanted to discover not only the identity of the original poster but also the retweeters, so he took the matter to court.

     The Tokyo District Court found that the original posting of the image infringed the photographer’s copyright but dismissed the claims against the retweeters. Dissatisfied with the decision, the photographer took his case to the High Court handling intellectual property matters. That court agreed with the lower court that the original image posting had breached the photographer’s copyright. In respect of the retweeters, however, the High Court found they had violated the photographer’s moral rights, due to the Twitter cropping feature that removed his name, which identified him as the creator of the photograph. As a result, the High Court ordered Twitter to hand over the email addresses not only of the original poster but also those of three other Twitter users who retweeted the image.

     Twitter appealed the decision to the Supreme Court and essentially took responsibility for the cropping of the images, a feature that wasn’t under the control of its users. The company argued that any decision against it could have a chilling effect on its platform. The arguments fell on deaf ears. In a decision handed down yesterday, the Supreme Court ordered Twitter to hand over the email addresses of the three retweeters after finding that the photographer’s rights were indeed infringed when Twitter’s cropping tool removed his identifying information.

     Four out of five judges on the bench sided with the photographer, with Justice Hayashi dissenting. He argued that ruling in favor of the plaintiff would put Twitter users in the position of having to verify that every piece of content was non-infringing before retweeting. The other judges said that despite these problems, the law must be upheld as it is for content published on other platforms. “Twitter has 45 million users in Japan. It is hoped that the company will take action,” Presiding Justice Saburo Tokura said, as reported by Japan Times.

     What the photographer will do with the email addresses of the Twitter users is unclear, but given the legal action undertaken thus far, it seems somewhat likely that similar action could follow against the infringers. Perhaps more importantly, around 45 million Twitter users in the country, most of whom won’t have heard about the case, will now be exposed to action if they don’t take precautions over what they retweet. There is a possibility that Twitter itself will find a solution, but the company is yet to make an announcement.
  4. Hackers obtained Twitter DMs for 36 high-profile account holders

     Hack also exposed phone numbers, email addresses and other PII for 130 users.

     Hackers accessed direct messages for 36 high-profile account holders in last week’s epic compromise of Twitter, with one of the affected users being an elected official from the Netherlands, the social media company said late Wednesday. The company also said the intruders were able to view email addresses, phone numbers, and other personal information for all 130 hijacked accounts.

     The mass-account takeover came to light last Wednesday when some of the world’s best-known celebrities, politicians, and executives began tweeting links to Bitcoin scams. A handful of the account holders included Vice President Joe Biden, philanthropist and Microsoft founder and former CEO and chairman Bill Gates, Tesla founder and CEO Elon Musk, and pop star Kanye West. A few hours later, Twitter officials said the incident was the result of it losing control of its internal administrative systems to hackers who either paid, tricked, or coerced one or more company employees. The officials said they would disclose any other malicious activities those responsible may have undertaken as an investigation continued.

     A breathtaking impact

     On Wednesday, Twitter provided its most troubling update so far. It said:

     The revelation that some of the world's most influential people likely had their personal messages read by unknown hackers will put more pressure on Twitter to better protect its users. US Senator Ron Wyden, a Democrat representing Oregon, said in a statement last week that he has pushed CEO Jack Dorsey to protect direct messages with end-to-end encryption, which would prevent Twitter and anyone other than the sender and recipient from being able to read them.

     “Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company's systems, and hackers who gain unauthorized access,” Wyden wrote. “If hackers gained access to users' DMs, this breach could have a breathtaking impact, for years to come.”

     Phone numbers, email addresses and more

     A blog post that was updated on Wednesday added that the account hijackers were able to view personal information, including phone numbers and email addresses, that were associated with the accounts. The company made no mention of what other personal details—such as words or users the account holder had muted or blocked—were available to hackers. A Twitter spokeswoman declined to provide additional information, including the identity of the users whose direct messages were accessed or other types of personal information that was exposed.

     Wednesday’s update also said that: “Attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.” “Previous passwords” referred to the passcodes that were used before hackers changed them. The update made no mention of passwords that were cryptographically hashed and whether the hijackers had the ability to obtain them. On background, a Twitter representative said the attackers didn't see passwords in hashed or plaintext format.

     In previous updates over the past week Twitter has provided additional details, including:

     • Hackers likely tried to sell access to hijacked Twitter accounts with highly-coveted usernames such as @6
     • Up to eight of the compromised accounts had information taken through Twitter's “Your Twitter Data” tool. None of these accounts were verified
     • Attackers tweeted from 45 verified accounts, which besides the holders mentioned above, also included Jeff Bezos, Barack Obama, and Apple
     • The company is working with law enforcement agencies, which according to Reuters, include the FBI

     Twitter has yet to answer several other important questions. They include whether the employees or hackers involved in the attack left behind any backdoors that could allow similar breaches in the future. Also unanswered is whether the company has put in place a mechanism—such as a requirement that multiple employees must provide separate passwords—to unlock administrative panels.

     Over the past decade, Twitter has evolved into a channel that President Trump, other world leaders, and myriad government agencies use to communicate both official policy and unofficial vitriol. With so much at stake, breaches that allow attackers to impersonate users and access their private messages and information raise serious national security concerns that the company has yet to address.
  5. Twitter Hacking for Profit and the LoLs The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week’s epic hack against Twitter. These individuals said they were only customers of the person who had access to Twitter’s internal employee tools, and were not responsible for the actual intrusion or bitcoin scams that took place that day. But new information suggests that at least two of them operated a service that resold access to Twitter employees for the purposes of modifying or seizing control of prized Twitter profiles. As first reported here on July 16, prior to bitcoin scam messages being blasted out from such high-profile Twitter accounts @barackobama, @joebiden, @elonmusk and @billgates, several highly desirable short-character Twitter account names changed hands, including @L, @6 and @W. A screenshot of a Discord discussion between the key Twitter hacker “Kirk” and several people seeking to hijack high-value Twitter accounts. Known as “original gangster” or “OG” accounts, short-character profile names confer a measure of status and wealth in certain online communities, and such accounts can often fetch thousands of dollars when resold in the underground. The people involved in obtaining those OG accounts on July 15 said they got them from a person identified only as “Kirk,” who claimed to be a Twitter employee. According to The Times, Kirk first reached out to the group through a hacker who used the screen name “lol” on OGusers, a forum dedicated to helping users hijack and resell OG accounts from Twitter and other social media platforms. From The Times’s story: “The hacker ‘lol’ and another one he worked with, who went by the screen name ‘ever so anxious,’ told The Times that they wanted to talk about their work with Kirk in order to prove that they had only facilitated the purchases and takeovers of lesser-known Twitter addresses early in the day. 
They said they had not continued to work with Kirk once he began more high-profile attacks around 3:30 p.m. Eastern time on Wednesday. ‘lol’ did not confirm his real-world identity, but said he lived on the West Coast and was in his 20s. “ever so anxious” said he was 19 and lived in the south of England with his mother. Kirk connected with “lol” late Tuesday and then “ever so anxious” on Discord early on Wednesday, and asked if they wanted to be his middlemen, selling Twitter accounts to the online underworld where they were known. They would take a cut from each transaction.” Twice in the past year, the OGUsers forum was hacked, and both times its database of usernames, email addresses and private messages was leaked online. A review of the private messages for “lol” on OGUsers provides a glimpse into the vibrant market for the resale of prized OG accounts. On OGUsers, lol was known to other members as someone who had a direct connection to one or more people working at Twitter who could be used to help fellow members gain access to Twitter profiles, including those that had been suspended for one reason or another. In fact, this was how lol introduced himself to the OGUsers community when he first joined. “I have a twitter contact who I can get users from (to an extent) and I believe I can get verification from,” lol explained. In a direct message exchange on OGUsers from November 2019, lol is asked for help from another OGUser member whose Twitter account had been suspended for abuse. “hello saw u talking about a twitter rep could you please ask if she would be able to help unsus [unsuspend] my main and my friends business account will pay 800-1k for each,” the OGUusers profile inquires of lol. Lol says he can’t promise anything but will look into it. “I sent her that, not sure if I will get a reply today bc its the weekend but ill let u know,” Lol says. In another exchange, an OGUser denizen quizzes lol about his Twitter hookup. 
“Does she charge for escalations? And how do you know her/what is her department/job. How do you connect with them if I may ask?” “They are in the Client success team,” lol replies. “No they don’t charge, and I know them through a connection.” As for how he got access to the Twitter employee, lol declines to elaborate, saying it’s a private method. “It’s a lil method, sorry I cant say.” In another direct message, lol asks a fellow OGUser member to edit a comment in a forum discussion which included the Twitter account “@tankska,” saying it was his IRL (in real life) Twitter account and that he didn’t want to risk it getting found out or suspended (Twitter says this account doesn’t exist, but a simple text search on Twitter shows the profile was active until late 2019). “can u edit that comment out, @tankska is a gaming twitter of mine and i dont want it to be on ogu :D’,” lol wrote. “just dont want my irl getting sus[pended].” Still another OGUser member would post lol’s identifying information into a forum thread, calling lol by his first name — “Josh” — in a post asking lol what he might offer in an auction for a specific OG name. “Put me down for 100, but don’t note my name in the thread please,” lol wrote. WHO IS LOL? The information in lol’s OGUsers registration profile indicates he was probably being truthful with The Times about his location. The hacked forum database shows a user “tankska” registered on OGUsers back in July 2018, but only made one post asking about the price of an older Twitter account for sale. The person who registered the tankska account on OGUsers did so with the email address [email protected], and from an Internet address tied to the San Ramon Unified School District in Danville, Calif. 
According to 4iq.com, a service that indexes account details like usernames and passwords exposed in Web site data breaches, the jperry94526 email address was used to register accounts at several other sites over the years, including one at the apparel store Stockx.com under the profile name Josh Perry. Tankska was active only briefly on OGUsers, but the hacked OGUsers database shows that “lol” changed his username three times over the years. Initially, it was “freej0sh,” followed by just “j0sh.” lol did not respond to requests for comment sent to email addresses tied to his various OGU profiles and Instagram accounts. ALWAYS IN DISCORD Last week’s story on the Twitter compromise noted that just before the bitcoin scam tweets went out, several OG usernames changed hands. The story traced screenshots of Twitter tools posted online back to a moniker that is well-known in the OGUsers circle: PlugWalkJoe, a 21-year-old from the United Kingdom. Speaking with The Times, PlugWalkJoe — whose real name is Joseph O’Connor — said while he acquired a single OG Twitter account (@6) through one of the hackers in direct communication with Kirk, he was otherwise not involved in the conversation. “I don’t care,” O’Connor told The Times. “They can come arrest me. I would laugh at them. I haven’t done anything.” In an interview with KrebsOnSecurity, O’Connor likewise asserted his innocence, suggesting at least a half dozen other hacker handles that may have been Kirk or someone who worked with Kirk on July 15, including “Voku,” “Crim/Criminal,” “Promo,” and “Aqua.” “That twit screenshot was the first time in a while I joke[d], and evidently I shouldn’t have,” he said. 
“Joking is what got me into this mess.”

O’Connor shared a number of screenshots from a Discord chat conversation on the day of the Twitter hack between Kirk and two others: “Alive,” which is another handle used by lol, and “Ever So Anxious.” Both were described by The Times as middlemen who sought to resell OG Twitter names obtained from Kirk. O’Connor is referenced in these screenshots as both “PWJ” and by his Discord handle, “Beyond Insane.”

The negotiations over highly-prized OG Twitter usernames took place just prior to the hijacked celebrity accounts tweeting out bitcoin scams. Ever So Anxious told Kirk his OGU nickname was “Chaewon,” which corresponds to a user in the United Kingdom. Just prior to the Twitter compromise, Chaewon advertised a service on the forum that could change the email address tied to any Twitter account for around $250 worth of bitcoin. O’Connor said Chaewon also operates under the hacker alias “Mason.”

Image caption: “Ever So Anxious” tells Kirk his OGUsers handle is “Chaewon,” and asks Kirk to modify the display names of different OG Twitter handles to read “lol” and “PWJ”.

At one point in the conversation, Kirk tells Alive and Ever So Anxious to send funds for any OG usernames they want to this bitcoin address. The payment history of that address shows that it indeed also received approximately $180,000 worth of bitcoin from the wallet address tied to the scam messages tweeted out on July 15 by the compromised celebrity accounts.

Image caption: The Twitter hacker “Kirk” telling lol/Alive and Chaewon/Mason/Ever So Anxious where to send the funds for the OG Twitter accounts they wanted.

SWIMPING

My July 15 story observed there were strong indications that the people involved in the Twitter hack have connections to SIM swapping, an increasingly rampant form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target’s account.

Image caption: The account “@shinji,” a.k.a. “PlugWalkJoe,” tweeting a screenshot of Twitter’s internal tools interface.

SIM swapping was thought to be behind the hijacking of Twitter CEO Jack Dorsey’s Twitter account last year. As recounted by Wired.com, @jack was hijacked after the attackers conducted a SIM swap attack against AT&T, the mobile provider for the phone number tied to Dorsey’s Twitter account. Immediately after Jack Dorsey’s Twitter handle was hijacked, the hackers tweeted out several shout-outs, including one to @PlugWalkJoe.

O’Connor told KrebsOnSecurity he has never been involved in SIM swapping, although that statement was contradicted by two law enforcement sources who closely track such crimes. However, Chaewon’s private messages on OGusers indicate that he very much was involved in SIM swapping.

Use of the term “SIM swapping” was not allowed on OGusers, and the forum administrators created an automated script that would watch for anyone trying to post the term into a private message or discussion thread. The script would replace the term with “I do not condone illegal activities.” Hence, a portmanteau was sometimes used: “Swimping.”

“Are you still swimping?” one OGUser member asks of Chaewon on Mar. 24, 2020. “If so and got targs lmk your discord.” Chaewon responds in the affirmative, and asks the other user to share his account name on Wickr, an encrypted online messaging app that automatically deletes messages after a few days.

Chaewon/Ever So Anxious/Mason did not respond to requests for comment.

O’Connor told KrebsOnSecurity that one of the individuals thought to be associated with the July 15 Twitter hack — a young man who goes by the nickname “Voku” — is still actively involved in SIM-swapping, particularly against customers of AT&T and Verizon.

Voku is one of several hacker handles used by a Canton, Mich. youth whose mom turned him in to the local police in February 2018 when she overheard him talking on the phone and pretending to be an AT&T employee.
Officers responding to the report searched the residence and found multiple cell phones and SIM cards, as well as files on the kid’s computer that included “an extensive list of names and phone numbers of people from around the world.”

The following month, Michigan authorities found the same individual accessing personal consumer data via public Wi-Fi at a local library, and seized 45 SIM cards, a laptop and a Trezor wallet — a hardware device designed to store cryptocurrency account data.

In April 2018, Voku’s mom again called the cops on her son — identified only as confidential source #1 (“CS1”) in the criminal complaint against him — saying he’d obtained yet another mobile phone. Voku’s cooperation with authorities led them to bust up a conspiracy involving at least nine individuals who stole millions of dollars worth of cryptocurrency and other items of value from their targets.

CONSPIRACY

Samy Tarazi, an investigator with the Santa Clara County District Attorney’s Office, has spent hundreds of hours tracking young hackers during his tenure with REACT, a task force set up to combat SIM swapping and bring SIM swappers to justice.

According to Tarazi, multiple actors in the cybercrime underground are constantly targeting people who work in key roles at major social media and online gaming platforms, from Twitter and Instagram to Sony, PlayStation and Xbox.

Tarazi said some people engaged in this activity seek to woo their targets, sometimes offering them bribes in exchange for the occasional request to unban or change the ownership of specific accounts. All too often, however, employees at these social media and gaming platforms find themselves the object of extremely hostile and persistent personal attacks that threaten them and their families unless and until they give in to demands.

“In some cases, they’re just hitting up employees saying, ‘Hey, I’ve got a business opportunity for you, do you want to make some money?’” Tarazi explained.
“In other cases, they’ve done everything from SIM swapping and swatting the victim many times to posting their personal details online or extorting the victims to give up access.”

Allison Nixon is chief research officer at Unit 221B, a cyber investigations company based in New York. Nixon says she doesn’t buy the idea that PlugWalkJoe, lol, and Ever So Anxious are somehow less culpable in the Twitter compromise, even if their claims of not being involved in the July 15 Twitter bitcoin scam are accurate.

“You have the hackers like Kirk who can get the goods, and the money people who can help them profit — the buyers and the resellers,” Nixon said. “Without the buyers and the resellers, there is no incentive to hack into all these social media and gaming companies.”

Mark Rasch, Unit 221B’s general counsel and a former U.S. federal prosecutor, said all of the players involved in the Twitter compromise of July 15 can be charged with conspiracy, a legal concept in the criminal statute which holds that any co-conspirators are liable for the acts of any other co-conspirator in furtherance of the crime, even if they don’t know who those other people are in real life or what else they may have been doing at the time.

“Conspiracy has been called the prosecutor’s friend because it makes the agreement the crime,” Rasch said. “It’s a separate crime in addition to the underlying crime, whether it be breaking into a network, data theft or account takeover. The ‘I just bought some usernames and gave or sold them to someone else’ excuse is wrong because it’s a conspiracy and these people obviously don’t realize that.”

In a statement on its ongoing investigation into the July 15 incident, Twitter said it resulted from a small number of employees being manipulated through a social engineering scheme.
Twitter said at least 130 accounts were targeted by the attackers, who succeeded in sending out unauthorized tweets from 45 of them and may have been able to view additional information about those accounts, such as direct messages. On eight of the compromised accounts, Twitter said, the attackers managed to download the account history using the Your Twitter Data tool.

Twitter added that it is working with law enforcement and is rolling out additional company-wide training to guard against social engineering tactics.

Twitter Hacking for Profit and the LoLs
  6. Coinbase says it halted more than $280,000 in bitcoin transactions during Twitter hack

The company blacklisted the bitcoin address

Illustration by Alex Castro

The cryptocurrency exchange Coinbase said that it stopped around 1,100 customers from sending bitcoin to hackers who gained access to high-profile Twitter accounts last week.

Last Wednesday, over 100 Twitter accounts, some belonging to major companies like Apple and high-profile people like Vice President Joe Biden and Bill Gates, were hacked as part of a massive coordinated bitcoin scam. According to Twitter, the hackers were able to convince some of the company’s employees to use internal systems and tools to access the accounts and help the hackers defraud users into sending them bitcoin.

According to Forbes, Coinbase and other cryptocurrency exchanges were able to stop some customers from sending bitcoin to the hackers by blacklisting the hackers’ wallet address. Specifically, Coinbase says it prevented just over 1,000 customers from sending around $280,000 worth of bitcoin during last Wednesday’s attack. Roughly 14 Coinbase users sent around $3,000 worth of bitcoin to the scam’s bitcoin address before the company moved to blacklist it, the company said.

“We noticed the scam and began blocking transactions within a couple of minutes of the initial wave of scam posts,” a Coinbase spokesperson told The Verge on Monday.

Twitter accounts belonging to cryptocurrency exchanges including Binance and Gemini were also targeted during Wednesday’s attack. Coinbase’s chief information officer told Forbes on Sunday that it learned of the scam shortly after tweets were posted from fellow exchanges’ accounts.

As of Monday, Twitter is still investigating Wednesday’s attack. On Friday, the company put out a blog post confirming that 130 accounts were targeted and the hackers were able to initiate a password reset, log in to the account, and send tweets for 45 of those accounts.
Twitter also said that the hackers were able to download account data belonging to eight unverified users.

Coinbase says it halted more than $280,000 in bitcoin transactions during Twitter hack
  7. Trump’s Twitter account has extra protections, which could be why it didn’t get hacked

A lot of high-profile accounts were hit yesterday, but not Trump’s

Photo by Drew Angerer/Getty Images

In yesterday’s massive attack on Twitter, some of the highest-profile accounts on the service, including President Barack Obama, Joe Biden, Elon Musk, and Bill Gates had their accounts hijacked to peddle bitcoin scams. Notably, however, Donald Trump, perhaps the most famous Twitter user of all, was untouched by the attack, and it could be because Twitter has implemented extra protections for his account.

In a deeply-reported article on the attack, The New York Times writes that Trump’s Twitter account has extra protection after “past incidents,” citing two anonymous sources — a senior White House official and a Twitter employee.

The New York Times didn’t specify what those past incidents were, but they could refer to the November 2nd, 2017 incident where a rogue employee deactivated Trump’s account on his last day at the company. Trump’s account returned to Twitter 11 minutes later.

A day after the deactivation, Twitter said it had “implemented safeguards to prevent this from happening again.” The company didn’t elaborate further. But The Wall Street Journal reported at the time that Twitter had already limited the number of employees who could access Trump’s account following his inauguration. Those tools typically let employees suspend or deactivate accounts, but don’t let them tweet from those accounts, the WSJ said.

Motherboard reported that the people involved in Wednesday’s attack were sharing screenshots of a Twitter admin tool apparently used for the attack. And Twitter itself has said that its own employee systems and tools were compromised. If those are also the same systems that no longer had widespread access to Trump’s account as of 2017, that could have made his account more difficult, if not impossible, to access from the admin tool used by the attackers.
It’s also possible that Trump’s account was hardened further after the rogue employee deactivated it in November 2017.

Twitter hasn’t replied to a request for comment, so we can’t exactly be sure that those safeguards are what stopped the attackers from hijacking his account on Tuesday. In fact, it’s not clear that the attackers even tried. Either way, they didn’t get in, and that could have prevented an already very bad situation from getting even worse.

Trump’s Twitter account has extra protections, which could be why it didn’t get hacked
  8. EFF tells Twitter to encrypt DMs after hacking incident

The Electronic Frontier Foundation (EFF) has reiterated to Twitter that it should subject all direct messages (DMs) to end-to-end encryption to provide users with more privacy and security. The digital rights organization has been calling for this for years but the most recent breach has pushed it to demand the feature again.

The EFF said that with hackers gaining access to admin tools at Twitter, encrypting the DMs would have meant hackers couldn’t have seen the contents of direct messages, offering more protection. The rights group also pointed to the fact that Twitter CEO Jack Dorsey reassured Senator Ron Wyden two years ago that end-to-end encryption was being worked on.

Earlier today, Twitter said in a statement that going forward it will be taking action to tighten up its security. It’s not clear what this tightening up will look like but hopefully, it will include end-to-end encryption for DMs.

One of Twitter’s main rivals, Facebook, already offers end-to-end encryption on some of its products including WhatsApp and optionally on Facebook Messenger. The messaging apps Signal and iMessage also offer users encryption features for greater security. While Twitter may be under pressure from law enforcement to keep DMs unencrypted, the EFF believes that securing them is “a no-brainer”.

EFF tells Twitter to encrypt DMs after hacking incident
  9. Read Twitter’s update on the huge hack — 8 accounts may have had private messages stolen

But it sounds like the attackers didn’t get Biden’s data cache

Illustration by Alex Castro

On Friday evening, Twitter issued its first full blog post about what happened after the biggest security lapse in the company’s history, one that led to attackers getting hold of some of the highest-profile Twitter accounts in the world — including Democratic presidential candidate Joe Biden, President Barack Obama, Tesla CEO Elon Musk, Microsoft co-founder Bill Gates, Kanye West, Michael Bloomberg, and more.

The bad news: Twitter has now revealed that the attackers may indeed have downloaded the private direct messages (DMs) of up to 8 individuals while conducting their Bitcoin scam, and were able to see “personal information” including phone numbers and email addresses for every account they targeted.

That’s because Twitter has confirmed that attackers attempted to download the entire “Your Twitter Data” archive for those 8 individuals, which contains DMs among other info. They may even have DMs that the 8 individuals tried to delete, given that Twitter stores DMs on its servers as long as either party to a conversation keeps them around — we learned last February that you can retrieve deleted DMs by downloading the “Your Twitter Data” archive, even if you’ve deleted them yourself. The archive can also include other personal information like your address book and any images and videos you may have attached to those private messages as well.

The good news: Twitter claims none of those 8 accounts were verified users, suggesting that none of the highest-profile individuals targeted had their data downloaded. It’s still possible that the hackers looked at their DMs, but no, Democratic presidential candidate Joe Biden and others probably didn’t just get their DMs stolen outright.
According to Twitter, hackers targeted 130 accounts; successfully triggered a password reset, logged in, and tweeted from 45 of them; and only attempted to download data for those “up to eight” non-verified accounts. We do not know how many accounts they may have scanned for personal information or how many DMs they might have simply accessed or read.

And for the larger batch of 130 accounts — including high-profile ones like the Democratic presidential candidate — Twitter says they may have been able to see other sorts of personal information. Twitter also allows logged-in users to see a location history of the places and times that they’ve logged in, as an example.

Twitter previously confirmed that its own internal employee tools were used to facilitate the account takeovers, and suspected that its employees had fallen for a social engineering scam — now, the company is going further to say definitively that the attackers “successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.” That aligns with the prevailing theories, which you can read more about in the NYT’s impressive report here.

There are still many, many more questions and serious investigations still ahead. You can read Twitter’s full blog post here.

Read Twitter’s update on the huge hack — 8 accounts may have had private messages stolen
  10. Twitter says passwords were spared in yesterday’s attack, but it’s still working to restore locked accounts

Twitter wants to restore access ‘ASAP’

Illustration by Alex Castro / The Verge

Twitter says it has “no evidence” user passwords were accessed as part of yesterday’s massive attack targeting the company’s internal tools, but it is still working to restore access to locked accounts. The updates were shared as part of a series of tweets posted Thursday afternoon.

Yesterday, attackers hijacked the accounts of some of the most-followed people on Twitter, including President Barack Obama, Vice President Joe Biden, Elon Musk, Bill Gates, and Kanye West, to post bitcoin scams. The company made the decision to lock many accounts last night as a precaution to reduce further damage from the attacks, and it provided more detail about why accounts were locked in this afternoon’s tweets.

“Out of an abundance of caution, and as part of our incident response yesterday to protect people’s security, we took the step to lock any accounts that had attempted to change the account’s password during the past 30 days,” Twitter said. The company added that if an account was locked, that didn’t “necessarily mean” that the account was compromised, and it believes only a “small subset” of locked accounts actually were. Twitter says it’s working “ASAP” to restore access, but the process may still take some time.

Although Twitter says it doesn’t believe passwords were accessed, it remains unclear if the attackers were able to access direct messages.

In addition to locking some accounts, Twitter also completely disabled the ability of all verified accounts to tweet last night for a few hours following the hack, though verified accounts could still retweet existing tweets while the limits were in place.

Last night, Twitter shared that its own internal tools were compromised in the attack.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said in a tweet sent yesterday at 10:38PM ET. Two anonymous sources told Motherboard that a Twitter employee helped them take over accounts, with one saying they paid the employee for their help.

Twitter says passwords were spared in yesterday’s attack, but it’s still working to restore locked accounts
  11. The FBI opens investigation into Twitter attack over national security concerns

Numerous investigations are now probing Twitter’s worst-ever security incident

Illustration by Alex Castro

The US Federal Bureau of Investigation has opened an investigation into Wednesday’s unprecedented Twitter attack that resulted in numerous takeovers of high-profile accounts belonging to politicians, business leaders, and corporations, according to a report from The Wall Street Journal. The FBI is concerned that the coordinated attack and the vulnerabilities it exposed in Twitter’s systems may pose serious security risks, due to the widespread compromising of sensitive accounts, including those of President Barack Obama and Democratic presidential candidate Joe Biden. President Donald Trump’s account was not affected, White House press secretary Kayleigh McEnany tells the WSJ, but it’s unclear if Trump’s account has special protections.

Twitter tells The Verge it is in communication with the FBI regarding its investigation and intends to fully cooperate.

“At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” the FBI said in a statement given to the WSJ. New York Gov. Andrew Cuomo is also having the state’s Department of Financial Services investigate the attack, the report states. “Foreign interference remains a grave threat to our democracy and New York will continue to lead the fight to protect our democracy and the integrity of our elections in any way we can,” Cuomo said, according to the New York Post.

New York Attorney General Letitia James also opened an investigation following this morning’s news that lawmakers on both sides of the aisle have begun calling for Twitter to provide more transparency about how the attack was carried out.
“Countless Americans rely on Twitter to read and watch the news, to engage in public debate, and to hear directly from political leaders, activists, business executives, and other thought leaders,” James said in a statement. “Last night’s attack on Twitter raises serious concerns about data security and how platforms like Twitter could be used to harm public debate. I have ordered my office to open an immediate investigation into this matter.”

The attack, which involved hackers taking control of popular accounts with millions of followers to tweet out a bitcoin scam, was the work of a group of unknown individuals. Twitter now says the group used social engineering techniques of some type to gain control of internal company tools. Those tools allowed the hackers to gain access to the accounts, although Twitter has not specified how exactly this happened.

In the aftermath of the account takeovers, which lasted for more than two hours, Twitter had to resort to extreme measures to mitigate the fallout, including disabling the ability for verified accounts to send new tweets and locking down all of the affected accounts and even some accounts that were not targeted by the hackers. The company is still working to restore access to locked accounts as of this afternoon.

Motherboard reported yesterday that the hackers did not in fact breach any Twitter systems, but instead allegedly paid a Twitter employee to reset the email addresses associated with the affected accounts, thereby giving unauthorized access to the hackers who then tweeted out the cryptocurrency scam tweets. Twitter has not openly disputed this account of the event, but it is currently unclear how much, if any, of the story is an accurate representation of what happened. The company is still investigating and has not yet shared its full findings.

The FBI opens investigation into Twitter attack over national security concerns
  12. Who’s Behind Wednesday’s Epic Twitter Hack?

Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities started tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay out some of the timeline of this attack, and point to clues about who may have been behind it.

The first public signs of the intrusion came around 3 PM EDT, when the Twitter account for the cryptocurrency exchange Binance tweeted a message saying it had partnered with “CryptoForHealth” to give back 5000 bitcoin to the community, with a link where people could donate or send money.

Minutes after that, similar tweets went out from the accounts of other cryptocurrency exchanges, and from the Twitter accounts for Democratic presidential candidate Joe Biden, Amazon CEO Jeff Bezos, President Barack Obama, Tesla CEO Elon Musk, former New York Mayor Michael Bloomberg and investment mogul Warren Buffett.

While it may sound ridiculous that anyone would be fooled into sending bitcoin in response to these tweets, an analysis of the BTC wallet promoted by many of the hacked Twitter profiles shows that on July 15 the account processed 383 transactions and received almost 13 bitcoin — or approximately USD $117,000.

Twitter issued a statement saying it detected “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.
We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

There are strong indications that this attack was perpetrated by individuals who’ve traditionally specialized in hijacking social media accounts via “SIM swapping,” an increasingly rampant form of crime that involves bribing, hacking or coercing employees at mobile phone and social media companies into providing access to a target’s account.

People within the SIM swapping community are obsessed with hijacking so-called “OG” social media accounts. Short for “original gangster,” OG accounts typically are those with short account names (such as @B or @joe). Possession of these OG accounts confers a measure of status and perceived influence and wealth in SIM swapping circles, as such accounts can often fetch thousands of dollars when resold in the underground.

In the days leading up to Wednesday’s attack on Twitter, there were signs that some actors in the SIM swapping community were selling the ability to change an email address tied to any Twitter account. In a post on OGusers — a forum dedicated to account hijacking — a user named “Chaewon” advertised they could change the email address tied to any Twitter account for $250, and provide direct access to accounts for between $2,000 and $3,000 apiece.

Image caption: The OGUsers forum user “Chaewon” taking requests to modify the email address tied to any Twitter account.
“This is NOT a method, you will be given a full refund if for any reason you aren’t given the email/@, however if it is revered/suspended I will not be held accountable,” Chaewon wrote in their sales thread, which was titled “Pulling email for any Twitter/Taking Requests.”

Hours before any of the Twitter accounts for cryptocurrency platforms or public figures began blasting out bitcoin scams on Wednesday, the attackers appear to have focused their attention on hijacking a handful of OG accounts, including “@6.”

That Twitter account was formerly owned by Adrian Lamo — the now-deceased “homeless hacker” perhaps best known for breaking into the New York Times’s network and for reporting Chelsea Manning’s theft of classified documents. @6 is now controlled by Lamo’s longtime friend, a security researcher and phone phreaker who asked to be identified in this story only by his Twitter nickname, “Lucky225.”

Lucky225 said that just before 2 p.m. EST on Wednesday, he received a password reset confirmation code via Google Voice for the @6 Twitter account. Lucky said he’d previously disabled SMS notifications as a means of receiving multi-factor codes from Twitter, opting instead to have one-time codes generated by a mobile authentication app.

But because the attackers were able to change the email address tied to the @6 account and disable multi-factor authentication, the one-time authentication code was sent to both his Google Voice account and to the new email address added by the attackers.

“The way the attack worked was that within Twitter’s admin tools, apparently you can update the email address of any Twitter user, and it does this without sending any kind of notification to the user,” Lucky told KrebsOnSecurity.
“So [the attackers] could avoid detection by updating the email address on the account first, and then turning off 2FA.”

Lucky said he still hasn’t been able to review whether any tweets were sent from his account during the time it was hijacked because he still doesn’t have access to it (he has put together a breakdown of the entire episode at this Medium post).

But around the same time @6 was hijacked, another OG account — @B — was swiped. Someone then began tweeting out pictures of Twitter’s internal tools panel showing the @B account.

Image caption: A screenshot of the hijacked OG Twitter account “@B,” shows the hijackers logged in to Twitter’s internal account tools interface.

Twitter responded by removing any tweets across its platform that included screenshots of its internal tools, and in some cases temporarily suspended the ability of those accounts to tweet further.

Another Twitter account — @shinji — also was tweeting out screenshots of Twitter’s internal tools. Minutes before Twitter terminated the @shinji account, it was seen publishing a tweet saying “follow @6,” referring to the account hijacked from Lucky225.

Image caption: The account “@shinji” tweeting a screenshot of Twitter’s internal tools interface.

Cached copies of @Shinji’s tweets prior to Wednesday’s attack on Twitter are available here and here from the Internet Archive. Those caches show Shinji claims ownership of two OG accounts on Instagram — “j0e” and “dead.”

KrebsOnSecurity heard from a source who works in security at one of the largest U.S.-based mobile carriers, who said the “j0e” and “dead” Instagram accounts are tied to a notorious SIM swapper who goes by the nickname “PlugWalkJoe.” Investigators have been tracking PlugWalkJoe because he is thought to have been involved in multiple SIM swapping attacks over the years that preceded high-dollar bitcoin heists.
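From the tooling side, the sequence Lucky225 describes (contact email changed, then 2FA switched off, then a password reset) is exactly the kind of chain an admin-tool audit log should alert on. The following Python is an added detection example, not Twitter's own tooling or anything from the article; the log format, operator names and events are constructed for illustration.

```python
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample admin-tool audit events (not real Twitter logs).
# Assumed line format for this example: "<ISO timestamp> <operator> <account> <action>".
SAMPLE_AUDIT_LOG = """\
2020-07-15T17:40:02Z op_alice @6 email_changed
2020-07-15T17:40:09Z op_alice @6 mfa_disabled
2020-07-15T17:40:31Z op_alice @6 password_reset_sent
2020-07-15T17:42:15Z op_alice @B email_changed
2020-07-15T17:42:20Z op_alice @B mfa_disabled
2020-07-15T17:43:00Z op_alice @B password_reset_sent
2020-07-15T12:05:00Z op_bob @support_case_1 email_changed
2020-07-15T16:00:00Z op_bob @support_case_1 mfa_disabled
2020-07-15T14:00:00Z op_carol @xyz mfa_disabled
"""


def parse_audit_log(text: str) -> List[dict]:
    """Parse the constructed line format into event dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, operator, account, action = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "operator": operator,
            "account": account,
            "action": action,
        })
    events.sort(key=lambda e: e["ts"])
    return events


def find_takeover_chains(events: List[dict],
                         window: timedelta = timedelta(minutes=10)) -> List[dict]:
    """Flag accounts where one operator changes the contact email and then
    disables MFA within `window`; a password reset following the MFA change
    within the same window is recorded on the alert.

    A genuine support case may touch both fields too, but typically hours
    apart; the tight email -> MFA -> reset sequence is the takeover signature.
    """
    last_email_change: Dict[str, dict] = {}
    open_chain: Dict[str, dict] = {}   # account -> alert still awaiting a reset
    alerts: List[dict] = []
    for ev in events:
        acct = ev["account"]
        if ev["action"] == "email_changed":
            last_email_change[acct] = ev
        elif ev["action"] == "mfa_disabled":
            prev = last_email_change.get(acct)
            if (prev and prev["operator"] == ev["operator"]
                    and ev["ts"] - prev["ts"] <= window):
                alert = {
                    "account": acct,
                    "operator": ev["operator"],
                    "email_changed_at": prev["ts"],
                    "mfa_disabled_at": ev["ts"],
                    "password_reset": False,
                }
                alerts.append(alert)
                open_chain[acct] = alert
        elif ev["action"] == "password_reset_sent":
            alert = open_chain.get(acct)
            if alert and ev["ts"] - alert["mfa_disabled_at"] <= window:
                alert["password_reset"] = True
    return alerts


def bulk_operators(alerts: List[dict], threshold: int = 2) -> Dict[str, int]:
    """Operators behind at least `threshold` chains: one credential driving
    many such sequences in quick succession is the strongest signal of
    credential abuse rather than an isolated support action."""
    counts: Dict[str, int] = {}
    for a in alerts:
        counts[a["operator"]] = counts.get(a["operator"], 0) + 1
    return {op: n for op, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    chains = find_takeover_chains(parse_audit_log(SAMPLE_AUDIT_LOG))
    for c in chains:
        print(f"{c['account']}: email changed {c['email_changed_at']:%H:%M:%S}, "
              f"MFA off {c['mfa_disabled_at']:%H:%M:%S}, reset={c['password_reset']}")
    print("bulk operators:", bulk_operators(chains))
```

On the constructed log, op_bob's hours-apart changes and op_carol's lone MFA change are not flagged, while op_alice's two back-to-back chains are, with the operator surfaced as a bulk actor.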
Image caption: Archived copies of the @Shinji account on Twitter show one of Joe’s OG Instagram accounts, “Dead.”

Now look at the profile image in the other Archive.org index of the @shinji Twitter account (pictured below). It is the same image as the one included in the @Shinji screenshot above from Wednesday in which Joseph/@Shinji was tweeting out pictures of Twitter’s internal tools.

Image: Archive.org

This individual, the source said, was a key participant in a group of SIM swappers that adopted the nickname “ChucklingSquad,” and was thought to be behind the hijacking of Twitter CEO Jack Dorsey’s Twitter account last year. As Wired.com recounted, @jack was hijacked after the attackers conducted a SIM swap attack against AT&T, the mobile provider for the phone number tied to Dorsey’s Twitter account.

Image caption: A tweet sent out from Twitter CEO Jack Dorsey’s account while it was hijacked shouted out to PlugWalkJoe and other Chuckling Squad members.

The mobile industry security source told KrebsOnSecurity that PlugWalkJoe in real life is a 21-year-old from Liverpool, U.K. named Joseph James Connor. The source said PlugWalkJoe is in Spain where he was attending a university until earlier this year. He added that PlugWalkJoe has been unable to return home on account of travel restrictions due to the COVID-19 pandemic.

The mobile industry source said PlugWalkJoe was the subject of an investigation in which a female investigator was hired to strike up a conversation with PlugWalkJoe and convince him to agree to a video chat. The source further explained that a video which they recorded of that chat showed a distinctive swimming pool in the background.

According to that same source, the pool pictured on PlugWalkJoe’s Instagram account (instagram.com/j0e) is the same one they saw in their video chat with him.

If PlugWalkJoe was in fact pivotal to this Twitter compromise, it’s perhaps fitting that he was identified in part via social engineering.
Maybe we should all be grateful the perpetrators of this attack on Twitter did not set their sights on more ambitious aims, such as disrupting an election or the stock market, or attempting to start a war by issuing false, inflammatory tweets from world leaders.

Also, it seems clear that this Twitter hack could have let the attackers view the direct messages of anyone on Twitter, information that is difficult to put a price on but which nevertheless would be of great interest to a variety of parties, from nation states to corporate spies and blackmailers.

This is a fast-moving story. Please stay tuned for further updates.

KrebsOnSecurity would like to thank Unit 221B for their assistance in connecting some of the dots in this story.

Who’s Behind Wednesday’s Epic Twitter Hack?
  13. Twitter is building a subscription platform codenamed Gryphon

Three years ago, Twitter considered offering subscriptions for its social media dashboard, TweetDeck. That service would have provided news alerts and analytics to customers willing to pay a monthly fee, but it didn't materialize. Now, the company appears to be carrying on with its subscription push, if a new job listing is any indication (via VentureBeat).

Twitter posted a job opening on its career portal in search of a "Senior Full-stack Software Engineer" who will join its new team, codenamed Gryphon. The listing reveals that the group is developing a subscription platform that can be reused by other teams in the future. It consists of web engineers working with both the payments and Twitter.com teams.

The full-stack engineer will be responsible for Gryphon's payment and subscription client work. The team will be distributed across different locations including London, San Francisco, Boston, and New York.

The subscription model is seen as a part of Twitter's efforts to explore additional revenue streams beyond advertising, which primarily contributes to its income. It's not clear, though, how the micro-blogging site plans to implement the subscription platform and what services it will offer.

Twitter is building a subscription platform codenamed Gryphon
  14. Google, Facebook, and Twitter halt government data requests after new Hong Kong security law

The companies are reviewing a new security law that gives China power to stifle dissent

Illustration by Alex Castro / The Verge

Google, Facebook, and Twitter are pausing the processing of data requests from the Hong Kong government as they review a new security law that went into effect on July 1st. Google put its pause into place as soon as the law took effect last Wednesday. “[W]hen the law took effect, we paused production on any new data requests from Hong Kong authorities,” a Google spokesperson told The Verge in an email, “and we’ll continue to review the details of the new law,” the spokesperson said. Twitter also halted its handling of government requests as of July 1st, with Facebook announcing its pause on Monday, The New York Times reported.

Social media platforms typically produce private user information in response to valid court orders, depending on the legal process in various countries. But under this new position, all the companies will, at least temporarily, ignore the requests coming from the government of Hong Kong.

The new policies are in response to China’s new national security law in Hong Kong, which was first proposed in May. Hong Kong has traditionally enjoyed significant independence from mainland China, but the central Chinese government has tightened restrictions on speech in Hong Kong in recent months, bringing a gradual end to the “one country, two systems” principle. China’s push toward more control has led to widespread protests across Hong Kong, which began last year.
In particular, the new security law gives China the power to limit political dissent against the Communist Party, making it unlawful to engage in “secession, subversion, organization and perpetration of terrorist activities, and collusion with a foreign country or with external elements to endanger national security.” Those powers are particularly relevant for social platforms, which may be hosting the now-criminalized subversive activities.

Google, Facebook, and Twitter have all been banned in China for several years, part of the so-called “Great Firewall,” under which government censors and monitors track online activity. The new security law has already compelled several political opposition parties in Hong Kong to disband, NPR reported, and is expected to further chill political dissent against Beijing in Hong Kong.

“We believe freedom of expression is a fundamental human right and support the right of people to express themselves without fear for their safety or other repercussions,” a Facebook spokesperson said in an email to The Verge.

Twitter says it is reviewing the new law to assess the implications, adding that many terms of the new law are “vague and without clear definition,” a spokesperson wrote in an email to The Verge. “Like many public interest organizations, civil society leaders and entities, and industry peers, we have grave concerns regarding both the developing process and the full intention of this law.”

Facebook has a process for reviewing government requests, which takes into account its own policies and local laws as well as international human rights standards, the spokesperson added.
“We are pausing the review of government requests for user data from Hong Kong pending further assessment of the National Security Law, including formal human rights due diligence and consultations with international human rights experts.”

Facebook has offices in China and uses Chinese suppliers to manufacture some of its hardware, including its Oculus VR headsets and its Portal video chat devices. Facebook CEO Mark Zuckerberg has attempted to mend relations with China in the past, meeting with Communist Party leaders while in Beijing for an economic forum in 2016. More recently, he’s pushed concerns about China setting the terms for online engagement. “If another nation’s platform sets the rules,” Zuckerberg said last year, “our nation’s discourse could be defined by a completely different set of values.”

Google, Facebook, and Twitter halt government data requests after new Hong Kong security law
  15. Tweetz is an open-source Twitter client for Windows

Last week, we told you how to get the old Twitter interface back, using GoodTwitter 2. Before I came across it, I had been looking for extensions and other solutions. One of these was a Twitter client, called Tweetz. It's an open-source program for Windows that you can use to view your timeline from your desktop.

You cannot customize the location where Tweetz gets installed. When the program is run, you will see the following screen. It tells you to click on the "Get Pin" button to authorize your account. Hit the button and a new tab should open in your browser. Log in to Twitter and authorize the application. Here's the list of permissions it requires. It's pretty much standard for a Twitter client to have such options. Twitter will display a PIN that you'll need to enter in Tweetz. Paste it in the field that's available and click on the sign in button.

Tweetz has a minimal interface with a dark theme. You can resize the window to make it larger or smaller. The navigation bar at the top of the window has five buttons. Clicking the Home button takes you to your timeline. The heart icon lists tweets that you've liked. The magnifying glass is the Search shortcut. Oddly, the "@ mentions" are located on the search page, so if you want to see tweets that you've been tagged in (replies from other users), you have to click on the @ button to fetch the mentions. It would've been better if it had its own shortcut on the nav bar.

The gear cog icon is used to access the program's settings. You may hide images, profile pictures, extended content, your username in the title bar, and tweets that contain sensitive content. Tweetz can be set to stay on top of other programs, start automatically with Windows, or start minimized to the system tray. Drag the font size slider towards the right to adjust the text size. There are 3 themes in Tweetz: Light, Nord and Dark. The application stores its settings in a text file.
The settings page lists a few tips on how to control the program. Right-click (on any page) to scroll to the top, click on a timestamp to open the link in your browser, Ctrl + N to post a new tweet, etc. Speaking of which, hit the tweet button in the top right corner to post a tweet. The + button in the tweet compose window can be used to add images (GIF, JPG, PNG, WEBP formats) or videos (MP4). You can use Tweetz to post Tweets, retweet, retweet with comment, reply to tweets, like tweets, and follow users from the timeline.

The program automatically pauses the timeline when you scroll down, and allows you to read the currently loaded tweets. Mouse over a link to view the full URL, or over a profile picture or username to view the profile info. Click on an image to view a larger version of it, which opens in a pop-up window. It has 2 buttons that let you copy the picture's URL or the image to the clipboard. To return to your timeline, click on the image again. Tweetz can play Twitter videos too, and uses a pop-up player for it. Its controls are similar to the built-in image viewer.

No program is perfect. Let's discuss the flaws of the program. There is no way to manage your Twitter account from within the program. Tweetz does not support lists, which may not be a deal breaker for many, but as a user with customized lists I was disappointed. The biggest drawback however is that when you click on a Tweet, a timestamp or a profile, it doesn't open a pop-up window to display the content. Instead, it opens the link in your default browser.

The program is written in .NET Core. A portable version of Tweetz is available; it's called the self-contained version.

Note: This review is not based on the latest version that was released a few days ago. I used version 2.6.2 from about two weeks ago. The program displays a "Consider donating" Tweet from the developer from time to time. It is displayed even if you aren't following him on Twitter.
Tweetz is impressive, but I would've liked it more if it opened Tweets and profile pages in its interface, rather than sending them to the web browser. If I were to rate it in a point system, it definitely gets extra points simply because it does not use the "modern Twitter interface".

Landing Page: https://github.com/mike-ward/tweetz/releases

Tweetz is an open-source Twitter client for Windows
  16. Twitter terminates DDoSecrets, falsely claims it may infect visitors

Permanent suspension comes for violations of rules against tweeting hacked materials.

Aurich Lawson / Getty

Four days after leak publisher DDoSecrets circulated private documents from more than 200 law enforcement agencies across the United States, Twitter has permanently suspended its account and falsely claimed that the site may infect users with malware.

“Your account, DDoSecrets, has been suspended for violating the Twitter rules,” this email, which Twitter sent to the account holders, said. The message cited rules against “distribution of hacked material” and went on to say:

We don’t permit the use of our services to directly distribute content obtained through hacking that contains private information, may put people in physical harm or danger, or contains trade secrets. Note that if you attempt to evade a permanent suspension by creating new accounts, we will suspend your new accounts. If you wish to appeal this suspension, please contact our support team.

BlueLeaks asks: Why us and not WikiLeaks?

DDoSecrets describes itself as a “transparency collective, aimed at enabling the free transmission of data in the public interest.” On Friday, it published BlueLeaks, a 269-gigabyte trove of documents that KrebsOnSecurity reported was obtained through the hack of a Web development company that hosted documents on behalf of police departments. Some of the documents exposed police candidly discussing responses to demonstrations protesting what a Minnesota district attorney has charged was the murder of George Floyd, a Black man who died while handcuffed as a Minneapolis Police Department officer pressed a knee on his neck for nearly nine minutes. As of Tuesday, Derek Chauvin, who has since been fired, had not entered a plea.
A Twitter spokesperson confirmed that the company had permanently suspended the DDoSecrets account for violating the social media site’s rules barring hacked materials. The spokesperson said the material (1) contained unredacted information that could put people at risk of real-world harm and (2) ran afoul of a policy that forbids the distribution of material that is obtained through technical breaches and hacks, as publishers of DDoSecrets claimed had been done.

DDoSecrets co-founder Emma Best criticized the suspension and noted that the Twitter account for WikiLeaks remains active despite its publishing of vast troves of private information resulting from the 2016 hack of the Democratic National Committee and members of the Hillary Clinton campaign. WikiLeaks has also tweeted links to its Vault 7 series, which published details about closely guarded CIA hacking programs. Other accounts associated with the Anonymous hacking movement have also escaped suspensions. Twitter was also slow to suspend Guccifer 2.0 and the Dark Overlord, the monikers of two purported hackers, both of whom also published extensive amounts of personal information obtained through hacking and tweeted the links.

“@DDoSecrets has worked with dozens of major news outlets across the world and published terabytes of data uncovering money laundering schemes, corruption, and more,” Best tweeted. “Now we're being censored for publishing the #BlueLeaks files about law enforcement.”

Fearmongering

Twitter users who clicked on tweeted links to the DDoSecrets.com site received a message from Twitter warning, with no evidence, that the site may install malware, steal passwords or other sensitive data, or collect personal data for purposes of sending spam.

This security check from Web security firm Sucuri found no malware on the site, although the firm did note that it was blocked by fellow security firm McAfee.
Best said the only malware on the site are binary samples of malware such as the Stuxnet worm that infected Iran about a decade ago and attachments found in emails posted to the site. Best said that DDoSecrets critics have been falsely reporting to security firms that the site is malicious in an attempt to make the site unavailable to users of antivirus products.

The Twitter spokesperson didn’t answer questions about the basis for the claims. The spokesperson also didn’t say what distinguished materials published by DDoSecrets from those published by WikiLeaks. McAfee representatives weren’t immediately available for comment.

Best told Wired that prior to publishing BlueLeaks, DDoSecrets spent a week scrubbing about 50 gigabytes of material disclosing sensitive details about crime victims, children, unrelated private businesses, health care companies, and retired veterans’ associations. The co-founder conceded, however, that the team “probably missed things.”

Critics have increasingly complained that Twitter’s rules for removing tweets and accounts it deems abusive or harmful are inconsistent. The social media site’s permanent suspension of DDoSecrets and its unsubstantiated warnings that the site may engage in malicious behavior are only going to further those charges.

Twitter terminates DDoSecrets, falsely claims it may infect visitors
  17. Twitter suffered a major data breach - but this is why you're probably safe

Business customers' personal information was stored in their web browser's cache

(Image credit: Shutterstock)

Twitter has emailed its business customers to inform them that their personal information may have been compromised. As reported by The BBC, the social networking giant said that the billing information of some of its customers was stored inside their web browser's cache and that others could have possibly accessed their personal information.

The exposed personal data includes email addresses, phone numbers and the last four digits of customers' credit card numbers. However, according to Twitter, there is no evidence that its customers' billing information was compromised.

Twitter breach

The breach affects Twitter's business customers who use its advertising and analytics platforms. At this time though, it is still unclear how many businesses have been affected.

Twitter informed its users that it first became aware of the breach at the end of May after it disclosed a similar bug that led to Firefox storing files sent or received from direct messages and data archive files downloaded from a profile's settings page in its browser's cache.

While unfortunate for the social network's business customers, it is not believed that any of Twitter's regular users were affected by the breach.

Twitter suffered a major data breach - but this is why you're probably safe
  18. Cricket fans were welcomed with a shocking message a few hours ago when the largest fan-created Cricket video archive on Twitter was targeted. Rob Moody, whose videos generate hundreds of thousands of views every month, was told to remove all copyrighted videos or lose his Twitter account. This threat prompted public outrage and soon after Cricket Australia retracted its claims.

Copyright infringement is frequently framed as something horrible, an evil that has to be rooted out. However, it’s also at the source of many creative expressions or just pure entertainment. In these cases, copyright enforcement can do more harm than good.

An example of such a clash took place on Twitter yesterday, when superfan Rob Moody informed Twitter followers that his massive library of over 2,000 cricket clips was at risk. Several videos were targeted by takedown requests from Cricket Australia and, if Moody refused to remove all infringing content, his account would be suspended. Needless to say, Moody wasn’t pleased, something he made crystal clear.

“So I’m told to delete every cricket video I’ve ever uploaded to Twitter, over the past 11 years….. You have to laugh really! Just suspend my account and be done with it, as if I’m going to go and find all 2000+ videos since 2009 and delete them.”

A lot of cricket fans, including various prominent names, were equally shocked by the decision. The archive of cricket videos has been a source of entertainment for many and has amassed millions of views. New Zealand international James Neesham urged those responsible to “sort it out” and TV personality Piers Morgan jumped in and asked people to “rise up” in defense of the video archive.

The big problem, of course, is that the copyright claims aren’t entirely unwarranted. Moody doesn’t own the rights to broadcast the clips via Twitter. This is something he’s well aware of.
“It’s nice that people like watching the videos but reality is what I’m doing is wrong, and can’t last forever,” Moody replied when someone highlighted this angle.

While many people had already started to get used to the idea that their favorite cricket video archive would be lost, Cricket Australia jumped in. The organization was indeed responsible for the looming purge, but it was quick to retract its claims. Apparently, they were sent in error.

“Some good news: The copyright claims against @robelinda2 were made in error and have been retracted. The videos should be back up and running soon,” the organization tweeted. “We’ve got no plans to shut down Rob’s old gold and will follow up on the processes around this,” Cricket Australia added.

So, after a few hours, the crisis was averted. Rob Moody can continue posting cricket clips and given the events that unfolded today, he doesn’t have to be worried that Cricket Australia will go after him in the near future. This doesn’t mean that others can’t be targeted for posting the same clips of course. However, the whole episode shows that copyright enforcement can sometimes do more harm than good. This is something rightsholders may want to keep in mind.

Source
  19. Twitter starts rolling out audio tweets on iOS

No word on when the feature will come to Android

Twitter is rolling out the ability to record audio snippets and attach them to your tweets. The new feature is available first on iOS and launching today for “a limited group of people,” according to the company.

“Sometimes 280 characters aren’t enough and some conversational nuances are lost in translation. So starting today, we’re testing a new feature that will add a more human touch to the way we use Twitter — your very own voice,” Twitter’s Maya Patterson and Rémy Bourgoin wrote in a blog post.

If you’ve got access to it, you’ll see a new waveform icon beside the camera icon when composing a tweet. Tap that, and a red record button appears at the bottom of the screen, which you can tap to start recording your message. “Each voice tweet captures up to 140 seconds of audio. Have more to say? Keep talking. Once you reach the time limit for a tweet, a new voice tweet starts automatically to create a thread,” Twitter said.

Audio can only be added to original tweets, according to this help page, so you can’t include them in replies or retweets with a comment. Another minor thing to note is that whatever your profile picture is when you record an audio clip will always be attached to that audio tweet. “Your current profile photo will be added as a static image on your audio attachment and will not refresh if you update your profile photo,” Twitter says.

You can listen to audio tweets by hitting the play button. On iOS, Twitter says a dock will appear near the bottom of the app so you can listen to audio tweets and continue scrolling through your timeline. They’ll also keep playing in the background if you switch to another app.

Audio tweets could pose new moderation challenges for Twitter, and it’s also important to remember the accessibility factor here.
The Verge asked Twitter for more details on how it will make it easier for people who are deaf or hard-of-hearing to access these audio tweets. In an emailed response, a spokesperson said “this is an early test of audio for us and we’re still exploring the best ways to meet the needs of people with different abilities.”

Update June 17th 2:25PM ET: The original article has been updated to include a comment regarding accessibility from Twitter.

Twitter starts rolling out audio tweets on iOS
  20. SAN FRANCISCO (Reuters) - Twitter on Thursday said it removed more than 170,000 accounts tied to a Beijing-backed influence operation that deceptively spread messages favorable to the Chinese government, including some about the coronavirus.

The company suspended a core network of 23,750 highly active accounts, as well as a larger network of about 150,000 “amplifier” accounts used to boost the core accounts’ content. Twitter, along with researchers who analyzed the accounts, said the network was largely an echo chamber of fake accounts without much further traction.

The company also removed two smaller state-backed operations which it attributed to Russia and Turkey, both focused on domestic audiences.

Twitter said the Chinese network had links to an earlier state-backed operation dismantled last year by Twitter, Facebook and Google’s YouTube that had been pushing misleading narratives about political dynamics in Hong Kong. The new operation likewise focused heavily on Hong Kong, but also promoted messages about the coronavirus pandemic, exiled Chinese billionaire Guo Wengui and Taiwan, the researchers said.

Renee DiResta, at the Stanford Internet Observatory, said the network’s coronavirus activity ramped up in late January, as the outbreak spread beyond China, and spiked in March. Accounts praised China’s response to the virus, while also using the pandemic to antagonize the United States and Hong Kong activists, she said.

Open-source researchers at Graphika and Bellingcat had earlier flagged the re-emergence of the so-called “Spamouflage Dragon” network, after it went dormant following the companies’ takedowns last summer.

The U.S. State Department said in May it had found a network of inauthentic Twitter accounts with “highly probable” linkages to China disseminating false coronavirus claims.
Twitter pushed back on the assertions at the time, saying the 5,000 accounts the agency identified included legitimate non-governmental organizations and journalists. A Twitter spokeswoman on Thursday said the network it removed was not related to what the State Department had identified.

In Beijing, a foreign ministry spokeswoman said there was a need for Chinese voices with objective views as many platforms carried falsehoods about China. “China is the biggest victim of disinformation,” the spokeswoman, Hua Chunying, told a news briefing. “I think if Twitter wants to do something to its credit, then really the accounts that should be shut off are precisely those which organize and coordinate to attack and smear China.”

Over the past year, Chinese diplomatic missions and diplomats, including Hua, set up Twitter or Facebook accounts, often using them to attack Beijing’s critics. Last month, Twitter flagged a tweet written in March by a Chinese government spokesman that suggested the U.S. military brought the novel coronavirus to China, as the social media platform ramps up fact-checking of posts.

Source
  21. TikTok, meanwhile, is joining the EU's code of conduct.

The European Union wants tech giants to do more than they have to counter fake news for users on the continent. EU foreign policy lead Josep Borrell and European Commission values and transparency VP Vera Jourova have said Facebook, Google and Twitter should produce monthly reports on their efforts to stamp out disinformation campaigns. The officials are not only concerned about attempts by Russia and China to influence European politics, but the direct damage to people from COVID-19 misinformation and anti-vaccination myths.

“Disinformation does not only harm the health of our democracies, it also harms the health of our citizens,” Jourova said.

The hoped-for reports would detail both efforts to limit COVID-19 falsehoods, including ads, as well as steps taken to promote trustworthy material.

Internet companies might not need that much prodding, mind you. Jourova added that TikTok was joining the EU’s voluntary Code of Practice on Disinformation (where Facebook, Google, Mozilla and Twitter are already members) to fight fake news. TikTok is promising to foster truth and transparency in ads, enforce policies against false identities and bots, prioritize “authoritative” info when relevant and help researchers looking into disinformation campaigns. This won’t necessarily lead to a significant shift in TikTok’s existing approach, but it reflects the social video service’s attempts to reassure the world that its international content policies aren’t subject to Chinese government influence.

Source
  22. Twitter is now letting employees work from home indefinitely

CEO Jack Dorsey informed employees of the new policy on Tuesday

Illustration by Alex Castro / The Verge

Twitter will now let its employees work from home indefinitely, which was first reported by BuzzFeed News. CEO Jack Dorsey reportedly informed employees of the new policy in an email sent on Tuesday.

“If our employees are in a role and situation that enables them to work from home and they want to continue to do so forever, we will make that happen,” a Twitter spokesperson said in a statement to The Verge. “If not, our offices will be their warm and welcoming selves, with some additional precautions, when we feel it’s safe to return.”

The spokesperson also shared the following information about the company’s reopening plans and how it is thinking about business travel and events this year:

Opening offices will be our decision, when and if our employees come back, will be theirs. With very few exceptions, offices won’t open before September. When we do decide to open offices, it also won’t be a snap back to the way it was before. It will be careful, intentional, office by office and gradual. There will also be no business travel before September, with very few exceptions, and no in-person company events for the rest of 2020. We will assess 2021 events later this year.

Twitter’s employees have already been working from home since March 12th when the company ordered all employees to work out of their homes due to the COVID-19 pandemic.

Source: Twitter is now letting employees work from home indefinitely (The Verge)
  23. Twitter is reportedly rolling out a tweet scheduling feature to more users

Tweet but don't send

(Image credit: Future)

If you're a regular Twitter user, the ability to schedule tweets rather than blast them out all at the same time can be really handy, and there are a variety of third-party plug-ins to help. Now it seems Twitter might be pushing out its own scheduler more widely.

As The Next Web reports, some users have already started seeing a schedule option appear on the interface: you can pick a specific date and time for your post, as well as see all the tweets you've currently got scheduled.

This is something that Twitter started testing last year, although the feature was never rolled out widely beyond a small trial group. The new functionality looks similar to the experiment we saw in November.

Now it appears more people are getting the option – though for the time being at least, it looks as though the feature is only available if you're using Twitter on the desktop through a web browser.

The ever-evolving Twitter

We haven't heard anything from Twitter itself yet, so it's possible that this is just an extension of the original test: it may disappear as quickly as it arrived, or it may suddenly become available for everyone at once.

Besides being able to schedule tweets through various social media management tools, the feature is also available in TweetDeck – the power user web client that's actually owned and run by Twitter itself. That would suggest it's not going to take too much software engineering know-how to switch the scheduler over to the main Twitter clients.

Twitter has also been busy experimenting with new ways to show threads in recent days. Being able to schedule tweets is undoubtedly useful – though it can cause a serious amount of social media embarrassment too, if it inadvertently becomes ill-timed, or looks ignorant of what everyone else is talking about on the network (Twitter moves fast, after all).
There's still no sign of an edit button though. Source: Twitter is reportedly rolling out a tweet scheduling feature to more users (TechRadar)
  24. Twitter will not be able to reveal surveillance requests it received from the US government after a federal judge accepted government arguments that this was likely to harm national security after a near six-year long legal battle.

The social media company had sued the US Department of Justice in 2014 to be allowed to reveal, as part of its "Draft Transparency Report", the surveillance requests it received. It argued its free-speech rights were being violated by not being allowed to reveal the details.

US District Judge Yvonne Gonzalez Rogers granted the government's request to dismiss Twitter's lawsuit in an eleven page order filed in the US District Court for Northern California. The judge ruled on Friday that granting Twitter's request "would be likely to lead to grave or imminent harm to the national security."

"The Government's motion for summary judgment is GRANTED and Twitter's motion for summary judgment is DENIED", the judge said in her order.

Twitter had sued the Justice Department in its battle with federal agencies as the internet industry's self-described champion of free speech seeking the right to reveal the extent of US government surveillance. The lawsuit had followed months of fruitless negotiations with the government and had marked an escalation in the internet industry's battle over government gag orders on the nature and number of requests for private user information.

Tech companies were seeking to clarify their relationships with US law enforcement and spying agencies in the wake of revelations by former National Security Agency contractor Edward Snowden that outlined the depth of U.S. spying capabilities.

Twitter's legal battle spanned the tenures of four US attorneys general - Eric Holder, Loretta Lynch, Jeff Sessions and William Barr.
Through the use of confidential declarations, the Justice Department was able to show that revealing the exact number of national security letters from 2014, as requested by Twitter, posed a risk to national security, Friday's order said. Twitter did not immediately respond to Reuters' request for comment. SOURCE
  25. Firefox may have stored personal Twitter data in its cache

Firefox users who use Twitter may get a notification from the service when they next connect to the site informing them that personal data may have been stored inadvertently in the browser's cache. The message states:

Important information for Firefox users

We recently learned that the way Mozilla Firefox stores cached data from Twitter may have resulted in non-public information being inadvertently stored in the browser's cache. For example, if you downloaded your data using Firefox, the browser may have retained a copy of the download for a period of time. We have made changes to prevent this from happening again.

According to Twitter's notification, personal information such as downloaded data from Twitter or direct messages could have been cached by Firefox. While that is not a problem on a device with a single user, information could have leaked on devices that are used by multiple users, e.g. on public Internet workstations. Other users or administrators could find the data if they browsed the cache of the browser. Firefox's default caching period is set to 7 days but it is possible to change the retention in the browser's settings.

Twitter notes that it has made changes so that the data is no longer stored in Firefox's cache. Other, non-Firefox-based browsers are not affected by the issue according to Twitter. Other Firefox-based browsers may be affected by the issue, on the other hand.

It is unclear if Firefox's caching may cause the same issue on other services. Betanews colleague Brian Fagioli asked Mozilla about this on Twitter and received a reply stating that the organization was looking into this.

It is a good practice to clear caches and other data after using public machines to access content on the Internet or work locally on a device. Some public workstations are configured to erase caches automatically when users sign out.
Firefox users may use the shortcut Ctrl-Shift-Del to clear the history of the browser. Source: Firefox may have stored personal Twitter data in its cache (gHacks - Martin Brinkmann)