A massive Twitter hack on Wednesday saw high-profile accounts, from Barack Obama and Joe Biden to Elon Musk and the official Apple account, hijacked to post messages promoting a cryptocurrency scam. In his first interview since the attack, Twitter CEO Jack Dorsey on Thursday pledged to keep one principle in mind throughout the company’s investigation: transparency.
“We’re going to be really transparent—own anything that we made mistakes around and what we find,” Dorsey said Thursday in a video interview with Fast Company editor-in-chief Stephanie Mehta at Procter & Gamble’s Signal conference. The wide-ranging conversation also included the company’s approach to handling misinformation, features designed to let users take more control over who they interact with on the site, and the platform’s use in the Black Lives Matter protests.
So far, Dorsey and other company officials have said the company was a victim of “social engineering,” a security term that generally refers to hackers scamming people into giving them access they shouldn’t have. Motherboard reported that a hacker allegedly involved in the attack claimed that a Twitter insider was paid for assistance, while TechCrunch reported that a hacker gained access to an internal admin tool. A Twitter spokesperson said in an email to Fast Company that the company didn’t have any updates on the investigation beyond what’s been shared via a company tweet thread.
Dorsey said that Twitter will share details with law enforcement, other companies in the industry, advertisers, and everyday users about what it finds contributed to the hack.
“Right now, it’s just a matter of finding all the evidence and investigating, making sure that we can provide a clear case of exactly what happened and the tick-tock of what went down,” Dorsey said.
In response to the hack, Twitter froze verified users’ ability to post tweets for a few hours on Wednesday evening. The lockdown led to plenty of joking from those who retained the ability to post. But it also impaired the National Weather Service’s ability to tweet out warnings as tornadoes formed amid storms in the Midwest, underscoring the service’s importance to communication.
Some users have been locked out of their accounts until Twitter can verify the actual owners can safely regain control, according to the company. The full extent of the compromise is unclear, since Twitter hasn’t revealed how many accounts that didn’t post the scam messages were taken over by the attackers.
The attack and Dorsey’s transparency pledge come after years of complaints from users that Twitter doesn’t do enough to curb harassment and misinformation on the platform, even as the company has rolled out new features such as letting users limit who can reply to tweets and, for the first time, flagging some of President Trump’s tweets for violating its terms of service. Major brands have pulled ads from social media, including Twitter and Facebook, in recent months, citing the polarized political environment.
In the interview, Dorsey emphasized the importance of gaining the trust of users and advertisers, which may be in disarray given that the accounts of major brands and high-profile tech and political leaders were compromised.
So was the account of presumptive Democratic nominee Joe Biden, which could lead to consequences for the 2020 election. Senator Josh Hawley, a Missouri Republican, urged Twitter to work with federal law enforcement and to answer questions about the breach, including whether users “may have faced data theft” and if President Trump’s account, which did not appear to tweet any unauthorized messages, was threatened.
As Hawley points out, the hijacked Twitter accounts may have had private data such as the content of direct messages stolen.
“As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service,” he wrote in an open letter to Dorsey. “A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”
In a tweet Wednesday night, the company said it is looking into what information the attackers “may have accessed” and will share that information as it becomes available.
“I think the more open we can be, the more we can share, the more we get better, and hopefully the more trust that we earn,” Dorsey said in the interview.