Lawmakers on both sides of the aisle are demanding more details on Twitter’s massive hacking attack yesterday. Sen. Ed Markey (D-MA) said in a statement Thursday that “Twitter must fully disclose what happened and what it is doing to ensure this never happens again.”
Twitter accounts on Wednesday belonging to major companies like Apple and Uber and high-profile individuals like Vice President Joe Biden, President Barack Obama, Elon Musk, and Bill Gates were all compromised as part of a coordinated bitcoin scam. According to Twitter, the accounts were compromised by hackers who “successfully targeted” employees who had access to internal systems and tools that provided access to these accounts. The specifics are still unknown, but Twitter said late Wednesday evening that it was still investigating the details of the attack.
Some lawmakers aren’t content to let Twitter set the pace of the investigation. Shortly after the attack started, Sen. Josh Hawley (R-MO) sent a letter to Twitter CEO Jack Dorsey asking how the company plans to address and prevent large-scale breaches like Wednesday’s hacks.
“I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” Hawley wrote to company CEO Jack Dorsey.
“As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service,” he said.
“A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security,” the letter read.
All fake tweets instructed people to send cryptocurrency to the same bitcoin address. The tweets were removed throughout the afternoon, shortly after being posted.
While it was unclear how the attacks originated or why they went on for hours, some cybersecurity experts speculated that someone may have gained access to internal Twitter controls that allowed them to take over and post on the accounts.
Twitter started letting verified accounts tweet again on Wednesday night but warned the “functionality may come and go” as it worked on a fix to the breach. Later the same night, Dorsey tweeted that the company was “diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” He called it a “tough day” at Twitter.
The social media giant said in a later tweet that it “detected a coordinated attack by people who successfully targeted some of our employees with access to internal systems and tools.” The hackers used that access to take over the accounts.