News 7 August 2020

Twitter outage linked to data breach

On 15 July, Twitter announced that it had suffered a data security breach, which allowed the accounts of various world leaders and prominent individuals to be compromised.  As part of its response to the breach, it shut down all ‘blue tick’ verified accounts for about an hour, which naturally triggered worldwide attention to the issue. 

While Twitter is, according to its own blog update, still investigating the issue, we already know a reasonable amount about what happened. It is a very timely reminder of the risks of social engineering, when even one of the world’s leading technology companies can have its two-factor authentication measures bypassed. It will also be interesting to see what comes from the inevitable investigations and notifications – it appears that personal information was compromised and so data breach notification laws globally (think Californian Civil Code in the USA, General Data Protection Regulation (GDPR) in Europe, Privacy Act in Australia and beyond) may have been triggered.

So what happened?

In short, attackers targeted certain Twitter employees through a social engineering scheme and gained their login credentials.  With those credentials, they were able to then access Twitter’s internal systems and use some internal support tools to compromise live Twitter accounts.

About 130 accounts were targeted, and of these, 45 were compromised to the extent that the passwords were reset and the attackers gained full access to the accounts.

Once they had access, the attackers started posting public requests for bitcoin payments from those accounts (which received responses, perhaps surprisingly), and it is thought that this financial motivation is the key reason behind the attacks. The FBI is reportedly investigating the data breach, as is Twitter of course, and while it appears at the moment that only accounts that had the bitcoin message were taken over, it might be more widespread than that.

It is quite extraordinary to think that verified accounts could be compromised in this way. With access to the accounts, contact details and the substance of messages (including all DMs) have been compromised and may (likely) have been copied. If that is the case, not only does it raise the issue of privacy-related data breach notification, but perhaps more significantly, it raises risks around the misuse of commercially sensitive information, or even information relating to matters of national (or international) security, which could have been present in those compromised messages.

Beyond that, there are broader questions being raised about how Twitter’s platform operates.  From screenshots of the admin module allegedly obtained from the attackers, there are suggestions that Twitter’s platform does not simply display messages unthinkingly, but that there is scope for Twitter to curate trends or hide users or tweets from showing up in searches.  If that were ultimately the case, it would be highly significant because it is contrary to how Twitter has publicly explained its platform, and might impact on the conclusions reached in the US Department of Justice’s current examination of whether to strip Twitter and Facebook of their immunity from slander laws as mere information conduits rather than publishers.

There is plenty more to come from this story – watch this space.


This publication covers legal and technical issues in a general way. It is not designed to express opinions on specific cases. It is intended for information purposes only and should not be regarded as legal advice. Further advice should be obtained before taking action on any issue dealt with in this publication.

About the authors

  • Alex Hutchens

    Partner

© 2017 McCullough Robertson.