The sweeping hack of verified Twitter accounts Wednesday night was one of the largest security lapses in the platform’s history and led to thousands of users being partially locked out for hours.
But the social media giant, and its users, may have gotten off easy.
Now lawmakers and top officials are mulling how to ensure Twitter is not hacked by groups with more malicious intentions and how to protect other potential cyber targets from the same fate. The conversation has taken on a particular urgency as geopolitical tensions increase during the COVID-19 pandemic with only months left until a presidential election.
“This hack bodes ill for November balloting,” Sen. Richard Blumenthal (D-Conn.), a member of the tech-focused Senate Commerce Committee, said in a statement Thursday.
“Count this incident as a near miss or shot across the bow,” he added. “It could have been much worse with different targets. So many security red flags are raised by this criminal attack that the culprits should be tracked down as quickly as possible.”
The hacking incident occurred Wednesday night, when accounts of verified Twitter users including former President Barack Obama, former Vice President Joe Biden, Amazon CEO Jeff Bezos, Tesla CEO Elon Musk, and Microsoft co-founder Bill Gates tweeted out messages asking followers to send them money in the form of bitcoin.
The posts, which were quickly taken down by Twitter, gave an address to a bitcoin wallet, and promised to double any amount sent. The individuals behind the attack quickly raised the equivalent of more than $115,000.
In response, Twitter temporarily restricted the use of verified accounts as it began its investigation into the incident. In at least one troubling case involving the National Weather Service (NWS), this decision prevented critical safety information from reaching the community for hours.
But Twitter now faces a wave of governmental scrutiny, with many seriously concerned that it could provide avenues that others could exploit to cause damage.
The FBI said Thursday that it was launching an investigation into the incident, while New York Gov. Andrew Cuomo (D) directed state agencies to separately investigate the incident.
Both Senate Commerce Committee Chairman Roger Wicker (R-Miss.) and House Oversight and Reform Committee ranking member James Comer (R-Ky.) sent Twitter letters asking the company to brief the panels on the hacking incident, with Wicker writing it was “of great concern” to his committee.
Spokespersons for Sens. Ron Johnson (R-Wis.) and Gary Peters (D-Mich.), the leaders of the Senate Homeland Security and Governmental Affairs Committee, told The Hill that committee staff were also “requesting a bipartisan staff-level briefing to understand how this happened and what we can do to prevent it from happening in the future.”
The letters were sent the day after committee member Sen. Josh Hawley (R-Mo.) sent a separate missive to Twitter encouraging the company to immediately alert the FBI and the Department of Justice of the incident.
“Millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service,” Hawley wrote. “A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”
Sen. Ron Wyden (D-Ore.), a member of the Senate Intelligence Committee, pointed to concerns around the security of Twitter’s direct message system (DMs), noting that Dorsey promised during a meeting with Wyden in 2018 to implement end-to-end encryption on the messages.
“Twitter DMs are still not encrypted, leaving them vulnerable to employees who abuse their internal access to the company’s systems, and hackers who gain unauthorized access,” Wyden said in a statement. “If hackers gained access to users’ DMs, this breach could have a breathtaking impact, for years to come.”