After major hack, Indian government issues notice to Twitter
The Government of India has issued a notice to Twitter to get more details around how it became the target of a massive coordinated hack three days ago. The attack, conducted through social engineering, affected dozens of accounts, including those of some high-profile users like Tesla boss Elon Musk, Bill Gates, and Presidential candidate Joe Biden. Here's more about it.
Inquiry on the attack, targeted Indian accounts, and data stolen
In its notice, the Electronics and IT Ministry's Indian Computer Emergency Response Team (CERT-In) sought details of the attack, with a focus on how many Indian users were affected, how many lost their data, and what kind of data was stolen. The agency has also asked how exactly the attackers broke into accounts, like what was their modus operandi and the vulnerability they exploited.
Remedial measures, disclosure practices asked
According to PTI's sources familiar with the matter, CERT-In has also inquired about whether the hacked users have been informed about the breach and how many Indians were able to see/interact with the fraudulent tweets that went out from those compromised accounts. It also asked Twitter what the company is doing to curb the impact of the breach and prevent it from happening again.
No word from Twitter on the notice
Twitter has neither commented on India's notice nor detailed how many Indian accounts were compromised in the massive hack. However, previously, the microblogging giant did say that the hackers targeted a total of 130 accounts, of which they managed to reset passwords and break into some 45. Out of these 45, they tried downloading/stealing full account data only for eight - all non verified.
Warning: They may still have read messages, accessed other information
While the option to download full data archive from the service was used only on a handful of accounts, it is not to say that the hackers did not access messages and other information directly. For all 45 accounts that were broken into, there is a good chance that the hackers may have manually looked at DMs and other critical account information like emails/numbers.
Here is Twitter's statement on the matter
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true.— Twitter Support (@TwitterSupport) July 18, 2020
Several high profile accounts were breached
Notably, many of the compromised accounts belonged to high-profile individuals such as Elon Musk, Bill Gates, Joe Biden, Kanye West, Jeff Bezos, Barack Obama, Kim Kardashian, and Apple. They all were used to Tweet a bitcoin scam of doubling money in a given time to trick people into paying money. Many fell for it, paid an estimated total of Rs. 89 lakh, said reports.