After major hack, Indian government issues notice to Twitter

By Shubham Sharma

Jul 19, 2020

11:23 am

What's the story

The Government of India has issued a notice to Twitter to get more details around how it became the target of a massive coordinated hack three days ago. The attack, conducted through social engineering, affected dozens of accounts, including those of some high-profile users like Tesla boss Elon Musk, Bill Gates, and Presidential candidate Joe Biden. Here's more about it.

Notice

Inquiry on the attack, targeted Indian accounts, and data stolen

In its notice, the Electronics and IT Ministry's Indian Computer Emergency Response Team (CERT-In) sought details of the attack, with a focus on how many Indian users were affected, how many lost their data, and what kind of data was stolen. The agency has also asked how exactly the attackers broke into accounts, like what was their modus operandi and the vulnerability they exploited.

Other questions

Remedial measures, disclosure practices asked

According to PTI's sources familiar with the matter, CERT-In has also inquired about whether the hacked users have been informed about the breach and how many Indians were able to see/interact with the fraudulent tweets that went out from those compromised accounts. It also asked Twitter what the company is doing to curb the impact of the breach and prevent it from happening again.

Response

No word from Twitter on the notice

Twitter has neither commented on India's notice nor detailed how many Indian accounts were compromised in the massive hack. However, previously, the microblogging giant did say that the hackers targeted a total of 130 accounts, of which they managed to reset passwords and break into some 45. Out of these 45, they tried downloading/stealing full account data only for eight - all non verified.

Risk

Warning: They may still have read messages, accessed other information

While the option to download full data archive from the service was used only on a handful of accounts, it is not to say that the hackers did not access messages and other information directly. For all 45 accounts that were broken into, there is a good chance that the hackers may have manually looked at DMs and other critical account information like emails/numbers.

Twitter Post

Here is Twitter's statement on the matter

For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true.

— Twitter Support (@TwitterSupport) July 18, 2020

Hack

Several high profile accounts were breached

Notably, many of the compromised accounts belonged to high-profile individuals such as Elon Musk, Bill Gates, Joe Biden, Kanye West, Jeff Bezos, Barack Obama, Kim Kardashian, and Apple. They all were used to Tweet a bitcoin scam of doubling money in a given time to trick people into paying money. Many fell for it, paid an estimated total of Rs. 89 lakh, said reports.