Twitter says it has “no evidence” user passwords were accessed as part of yesterday’s massive attack targeting the company’s internal tools, but it is still working to restore access to locked accounts. The updates were shared as part of a series of tweets posted Thursday afternoon.
Yesterday, attackers hijacked the accounts of some of the most-followed people on Twitter, including President Barack Obama, Vice President Joe Biden, Elon Musk, Bill Gates, and Kanye West, to post bitcoin scams. The company made the decision to lock many accounts last night as a precaution to reduce further damage from the attacks, and it provided more detail about why accounts were locked in this afternoon’s tweets.
“Out of an abundance of caution, and as part of our incident response yesterday to protect people’s security, we took the step to lock any accounts that had attempted to change the account’s password during the past 30 days,” Twitter said. The company added that if an account was locked, that didn’t “necessarily mean” that the account was compromised, and it believes only a “small subset” of locked accounts actually were.
Twitter says it’s working “ASAP” to restore access, but the process may still take some time.