It’s rare that a major social media platform has to inform its users en masse that they’ve been the victims of a large-scale hacking event or data breach, but that’s exactly what Twitter had to do last week.

In an interesting twist on the typical data breach, though, there’s no indication that cybercriminals were actually successful in trying to nab sensitive data, and there are certainly signs that state-sponsored hackers are involved. One of the more telling aspects of this breach of some Twitter accounts is the information thieves seem to have been after, as well as the targeting of seemingly specific accounts. Rather than going after bulk user accounts and hoping for the most information they can get, the hackers apparently went after the email addresses, phone numbers, and IP addresses of their victims.

Interestingly, users who tweeted that they’d received the warning from Twitter that their accounts might have been compromised often had something in common. The majority of users who shared the news work in career fields like cryptography, security research, political or social activism, or journalism. One non-profit organization received the warning about its account, and its name—Canadian-based Coldhak—leaves little doubt as to why hackers might be interested in accessing their information.

While Twitter has suffered its share of data breach issues over the years, this marks the first time the company has indicated it was the work of state-sponsored hackers. Countries like North Korea have been blamed for events like the Sony Pictures hacking (something North Korea denied any involvement in), but it certainly isn’t the only country that has been pinpointed for its use of highly-trained, government-paid cyberspies.

Twitter sent out the emailed notification to the account holders it believes were impacted, and has acknowledged that it did send out those emails. However, the company isn’t offering any more information or speculation at this time other than to say they don’t know if the accounts actually were infiltrated and that they are actively pursuing the matter.

So what does it mean for social media users when their accounts are hacked, regardless of who’s behind it? That depends. In Twitter’s case, the company gathers a limited amount of mostly non-sensitive data on its account holders; the company only began requesting phone numbers as an authentication tool earlier this year. That means the type of information that was stolen has little impact on users’ identities, but can be used for falsifying social media activity. Until investigators know more about who breached the platform’s security and what information they actually took, it will be hard to know what they plan to do with it.

Any time you have reason to suspect your account may have been breached, it’s a good idea to change your password in order to restrict access to it. It’s also wise to make sure you have the strictest security settings in place on your activity. Most of all, though, it’s important to treat an online account with exactly the same scrutiny you’d give to a notice you’d printed out and pinned to a public billboard. It’s not private, it won’t be deleted, and you don’t actually control who can see it or share it. If you remember that every social media platform has its vulnerabilities, you’ll be better able to post content without oversharing.


ITRC Sponsors and Supporters 





Go to top


Need identity theft information on the go?

Download our ID Theft Help Mobile app.