Twitter Warns Users of State Sponsored Hacking

Twitter on Friday began sending notifications to several users, warning them that their accounts might be targeted by state sponsored attackers.

In the message sent to users, the company said that usernames, IP address, and email addresses were impacted by the attacks, along with phone numbers, when associated with the accounts. However, Twitter did not reveal which country it believes could be behind the attacks, but it did say it was investigating the incidents.

Twitter is now the third social network to warn users of possible state sponsored attacks, after Google in 2012 and Facebook in October of this year announced they would take similar actions. Both companies revealed that they already had the systems in place to monitor accounts for potentially malicious activity, yet Twitter did not make such a formal announcement on the matter.

While this appears to be the first time the company has sent out notices to users on suspected compromise from an attacker believed to be working on behalf of a nation-state, future similar notifications might follow.

According to a post on Motherboard, Twitter’s warning reached users at around the same time, between 5:15 and 5:16 PM EST on Friday.

Some of the users receiving these notifications are connected to the Tor Project, while others are associated with the security community, yet no specific link between them has been found so far.

Winnipeg-based nonprofit organization Coldhak was one of the first to tweet about the warning, with Colin Childs, one of the founding directors, receiving the notification on his personal account as well.

We received a warning from @twitter today stating we may be “targeted by state-sponsored actors” pic.twitter.com/oZm83eVFC5

— coldhak (@coldhakca) December 11, 2015

In the email notification, Twitter also noted that it had no evidence that the attackers managed to obtain account information. Since account compromise was a possibility, users were advised to take steps towards improving their security, where necessary.

Runa Sandvik, a privacy and security researcher who now works with media organizations to train them on the matter, appears to have been targeted by such an attack as well. She used to work with the Tor Project, which is focused on helping users maintain their privacy online, and the attack might have been triggered by her previous work.

However, she criticizes Twitter in one of her tweets, because the warning she received from the messaging platform was encouraging her to use Tor to protect her online identity, yet she says Twitter frequently blocks accounts that are accessed over Tor.

Twitter suggests I use Tor to protect my online identity, yet frequently blocks accounts accessed over Tor. pic.twitter.com/5ChKERPscC

— Runa A. Sandvik (@runasand) December 11, 2015

With Twitter yet to make an official announcement on its policy towards notifications regarding state sponsored attacks, it’s unclear why users received these warnings, especially with some of them saying that no suspect activity has been observed on their accounts. It is also unclear how many users received the email alterts.