Twitter warns users they may have been hacked by 'state-sponsored actors'
Twitter users urged to use an anonymous browser to keep their identity secret in the wake of hacks
Twitter has warned a number of users that they may have been the target of a state-sponsored attack.
The company has apparently sent the warnings by email to more than 20 users, all of which contain the same details.
The warning begins: “As a precaution, we are alerting you that your Twitter account is one of a small group of accounts that may have been targeted by state-sponsored actors. We believe that these actors (possibly associated with a government) may have been trying to obtain information such as email addresses, IP addresses, and/or phone numbers.”
It continues: “At this time, we have no evidence they obtained your account information, but we’re actively investigating this matter. We wish we had more we could share, but we don’t have any additional information at this time.”
Among those who have publicly said that they received the warning are: Winnipeg-based information security nonprofit coldhak; Minnesotan encryption activist myriadmystic; privacy and security researcher Runa Sandvik; and Austrian communications consultant Marco Schreuder.
Twitter is following both Google and Facebook in sending out warnings to perceived targets of state-sponsored hacking. Google’s warnings were introduced in 2012, while Facebook began sending its own in October this year.
None of the technology firms have gone into detail about how they distinguish state-sponsored attacks from more conventional hacks, however, with both Google and Facebook explicitly citing the need to keep their methodology secret in order to keep the hackers on the back foot.
Twitter’s specific warning has sparked criticism from those who received it, however. The company advises users to use the anonymous browser Tor to keep their identity secret in the face of hacks, but Tor users have often accused the firm of blocking accounts that log in using the service, thinking they are spammers.
Users whose accounts are blocked in this way can get them back by verifying with a phone number – and phone numbers are one of the pieces of information that Twitter has warned may have been stolen in the attacks.