Twitter Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.Anti-spam check. Do not fill this in! === Security === In response to early Twitter security breaches, the United States [[Federal Trade Commission]] (FTC) brought charges against the service; the charges were settled on June 24, 2010. This was the first time the FTC had taken action against a social network for security lapses. The settlement requires Twitter to take a number of steps to secure users' private information, including maintenance of a "comprehensive information security program" to be independently audited biannually.<ref>{{cite web |last=Gonsalves |first=Antone |date=June 25, 2010 |title=Twitter, Feds Settle Security Charges β Twitter Must Establish and Maintain a 'Comprehensive Information Security Program' and Allow Third-Party Review of the Program Biannually for the 10 Years |url=http://www.informationweek.com/news/security/privacy/showArticle.jhtml?articleID=225701450&subSection=Privacy |url-status=dead |archive-url=https://web.archive.org/web/20101023083911/http://www.informationweek.com/news/security/privacy/showArticle.jhtml?articleID=225701450&subSection=Privacy |archive-date=October 23, 2010 |access-date=February 23, 2011 |work=[[InformationWeek]]}}</ref> After a number of high-profile hacks of official accounts, including those of the [[Associated Press]] and ''[[The Guardian]]'',<ref>{{cite web |date=April 30, 2013 |title=Twitter Warns news Organisations Amid Syrian Hacking Attacks |url=http://descrier.co.uk/technology/2013/04/twitter-warns-news-organisations-amid-syrian-hacking-attacks/ |access-date=April 30, 2013 |publisher=Descrier}}</ref> in April 2013, Twitter announced a two-factor login verification as an added measure against hacking.<ref>{{cite news |last=Rodriguez |first=Salvador |date=May 23, 2013 |title=Twitter adds two-step verification option to help fend off hackers |work=Los Angeles Times |url=https://latimes.com/business/technology/la-fi-tn-twitter-two-step-verification-hackers-20130523,0,5416038.story |access-date=June 10, 2013}}</ref> On July 15, 2020, a [[2020 Twitter bitcoin scam|major hack of Twitter]] affected 130 high-profile accounts, both verified and unverified ones such as [[Barack Obama]], [[Bill Gates]], and [[Elon Musk]]; the hack allowed [[bitcoin]] scammers to send tweets via the compromised accounts that asked the followers to send bitcoin to a given public address, with the promise to double their money.<ref name="Statt">{{Cite web |last=Statt |first=Nick |date=July 15, 2020 |title=Barack Obama, Joe Biden, Elon Musk, Apple, and others hacked in unprecedented Twitter attack |url=https://www.theverge.com/2020/7/15/21326200/elon-musk-bill-gates-twitter-hack-bitcoin-scam-compromised |access-date=July 15, 2020 |website=The Verge}}</ref> Within a few hours, Twitter disabled tweeting and reset passwords from all verified accounts.<ref name="Statt" /> Analysis of the event revealed that the scammers had used [[social engineering (security)|social engineering]] to obtain credentials from Twitter employees to access an administration tool used by Twitter to view and change these accounts' personal details as to gain access as part of a "[[smash and grab]]" attempt to make money quickly, with an estimated {{USD|120,000}} in bitcoin deposited in various accounts before Twitter intervened.<ref>{{cite web |last1=Conger |first1=Kate |last2=Popper |first2=Nathaniel |date=July 17, 2020 |title=Hackers Tell the Story of the Twitter Attack From the Inside |url=https://www.nytimes.com/2020/07/17/technology/twitter-hackers-interview.html |url-access=subscription |url-status=live |archive-url=https://web.archive.org/web/20200717210005/https://www.nytimes.com/2020/07/17/technology/twitter-hackers-interview.html |archive-date=July 17, 2020 |access-date=July 17, 2020 |work=[[The New York Times]]}}</ref> Several law enforcement entities including the FBI launched investigations into the attack.<ref>{{Cite web |last1=McMillan |first1=Robert |last2=Volz |first2=Dustin |date=July 19, 2020 |title=FBI Investigates Twitter Hack Amid Broader Concerns About Platform's Security |url=https://www.wsj.com/articles/fbi-investigates-twitter-hack-amid-broader-concerns-about-platforms-security-11594922537 |access-date=July 7, 2020 |work=[[The Wall Street Journal]]}}</ref> On August 5, 2022, Twitter disclosed that a bug introduced in a June 2021 update to the service allowed threat actors to link email addresses and phone numbers to twitter user's accounts.<ref>{{Cite web |title=Twitter confirms zero-day used to expose data of 5.4 million accounts |url=https://www.bleepingcomputer.com/news/security/twitter-confirms-zero-day-used-to-expose-data-of-54-million-accounts/ |access-date=August 11, 2022 |website=BleepingComputer}}</ref><ref>{{Cite web |date=August 8, 2022 |title=Twitter Confirms Data Breach That Exposed Data Of 5.4 Million Users; Attackers May Still Have Data |url=https://www.news18.com/news/tech/twitter-confirms-data-breach-that-exposed-data-of-5-4-million-users-attackers-may-still-have-data-5709259.html |access-date=August 11, 2022 |website=News18}}</ref> The bug was reported through Twitter's [[bug bounty program]] in January 2022 and subsequently fixed. While Twitter originally believed no one had taken advantage of the vulnerability, it was later revealed that a user on the online hacking forum Breached Forums had used the vulnerability to compile a list of over 5.4 million user profiles, which they offered to sell for $30,000.<ref>{{Cite web |last=Paganini |first=Pierluigi |date=August 5, 2022 |title=Twitter confirms zero-day used to access data of 5.4 million accounts |url=https://securityaffairs.co/wordpress/134087/data-breach/twitter-zero-day-data-leak.html |access-date=August 11, 2022 |website=Security Affairs}}</ref><ref>{{Cite web |last=Carter |first=Dylan |publisher=[[The Brussels Times]] |title=Twitter admits to data breach exposing contact info for 5.4 million accounts |url=https://www.brusselstimes.com/business/269326/twitter-admits-to-data-breach-exposing-contact-info-for-5-4-million-accounts |access-date=August 11, 2022 |website=www.brusselstimes.com}}</ref> The information compiled by the hacker includes user's screen names, location and email addresses which could be utilised in [[phishing]] attacks or used to deanonymize accounts running under pseudonyms. Summary: Please note that all contributions to Christianpedia may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here. You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see Christianpedia:Copyrights for details). Do not submit copyrighted work without permission! Cancel Editing help (opens in new window) Discuss this page