Twitter: No evidence hackers accessed user passwords

Social network has no plans to reset user passwords after yesterday's massive hack that spread a Bitcoin scam on the platform.

In an update to its ongoing investigation into yesterday's massive hack, Twitter said it found no evidence that hackers had gained access to user passwords.

As a result of this finding, the social network does not plan to reset any user passwords following yesterday's incident, when intruders broke into hundreds of high-profile accounts to promote a Bitcoin scam.

Twitter said the hack took place after a third-party group executed "a coordinated social engineering attack" against its employees to gain access to its backend and used internal tools to send out tweets on behalf of verified high-user-count profiles.

Defaced accounts included profiles for former US President Barack Obama, former US Vice-President Joe Biden, celebrities like Kanye West and Kim Kardashian, but also tech companies like Apple and Uber. In total, Twitter said that hackers targeted around 130 accounts, but managed to tweet only on behalf of a few of those.

Twitter stopped the attack yesterday by blocking verified accounts from sending out new tweets before rooting out the hackers from its backend.

Verified accounts were locked for a few hours before being reinstated.

Today, Twitter also blocked all of its users from tweeting strings that featured formatting similar to a Bitcoin address, making the job of some security analysts and code developers harder, as the measure also blocked some of their workflows that featured similar-looking strings (such as file hashes and Git file paths).
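Twitter has not described how its filter works. As an added illustration (not Twitter's code and not part of the original article), the Python sketch below assumes a format-only rule for legacy Base58 Bitcoin addresses and contrasts it with Base58Check checksum validation, showing why a hash-shaped string trips the loose rule but not the strict one. All function names and sample values are constructed, and bech32 ("bc1...") addresses are out of scope.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Assumed format-only rule: legacy address shape, "1" or "3" plus 25-34 Base58 chars.
LOOSE = re.compile(r"[13][%s]{25,34}" % B58)

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out  # leading zero bytes -> "1"

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    zeros = len(text) - len(text.lstrip("1"))
    return b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def is_base58check_address(candidate: str) -> bool:
    """True only for 25 decoded bytes: version 0x00/0x05, 20-byte hash, valid checksum."""
    try:
        raw = b58decode(candidate)
    except ValueError:
        return False
    return len(raw) == 25 and raw[0] in (0x00, 0x05) and checksum(raw[:-4]) == raw[-4:]

def loose_hits(text: str) -> list:
    return LOOSE.findall(text)

def strict_hits(text: str) -> list:
    # Check each maximal Base58 run as a whole, so substrings of hashes never qualify.
    return [t for t in re.findall("[%s]+" % B58, text) if is_base58check_address(t)]

# Constructed samples: an address built from dummy bytes, and a SHA-1-shaped hex string.
PAYLOAD = b"\x00" + bytes(range(1, 21))
SAMPLE_ADDR = b58encode(PAYLOAD + checksum(PAYLOAD))
SAMPLE_HASH = "3f9a1c7e5b2d4a8e6c1f3b5d7a9e2c4f6b8d1a3e"

if __name__ == "__main__":
    for line in ("send to " + SAMPLE_ADDR, "commit " + SAMPLE_HASH):
        print(line, "| loose:", bool(loose_hits(line)), "| strict:", bool(strict_hits(line)))
```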

In an update to its investigation today, Twitter also said it blocked some users from changing their passwords, a measure it took to prevent account hijacking as a result of yesterday's hack.

Only Twitter accounts that changed their password in the last month were affected by this last measure.

Twitter said its investigation is ongoing. US law enforcement agencies are also looking into the incident.

Some questions about Twitter's investigation remain unanswered, such as whether hackers had access to users' private messages, a question Twitter has been dodging.

Updated on July 17, 8am ET, with new information shared by Twitter.