By Barbara Ortutay, Technology Writer
OAKLAND, Calif. (AP) --Twitter says the hack that compromised the accounts of some of its most high-profile users targeted 130 people. The hackers were able to reset the passwords of 45 of those accounts.
The San Francisco=based company said in a blog post Saturday that for up to eight of these accounts the attackers also downloaded the account's information through the "Your Twitter Data" tool. None of the eight were verified accounts, Twitter said, adding that it is contacting the owners of the affected accounts.
"We're embarrassed, we're disappointed, and more than anything, we're sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice," Twitter said in the blog post.
The July 17 attack broke into the Twitter accounts of world leaders, celebrities and tech moguls in one of the most high-profile security breaches in recent years. The attackers sent out tweets from the accounts of the public figures, offering to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.
It highlighted a major flaw with the service millions of people have come to rely on as an essential communications tool.
Allison Nixon, chief research officer at cybersecurity firm 221B said in an email Sunday that the people behind the attack appear to have come from the "OG" community, a group interested in original, short Twitter handles such as @a, @b or @c, for instance.
"Based upon what we have seen,the motivation for the most recent Twitter attack is similar to previous incidents we have observed in the OG community — a combination of financial incentive, technical bragging rights, challenge, and disruption," Nixon wrote. "The OG community is not known to be tied to any nation state. Rather they are a disorganized crime community with a basic skillset and are a loosely organized group of serial fraudsters."
While this attack did not appear go further than the Bitcoin ruse — at least for now — it raises questions about Twitter's ability to secure its service against election interference and misinformation ahead of the U.S. presidential election.
"Entire markets and potentially elections may be manipulated or altered in this way," Nixon said. "Victims of account takeovers generally do not know that the fraud has occurred, and generally cannot take security precautions to prevent it."
California governor signs law to protect children from social media addiction
California will make it illegal for social media platforms to knowingly provide addictive feeds to children without parental consent beginning in 2027 under a new law Democratic Gov. Gavin Newsom signed Friday.
California follows New York state, which passed a law earlier this year allowing parents to block their kids from getting social media posts suggested by a platform's algorithm. Utah has passed laws in recent years aimed at limiting children's access to social media, but they have faced challenges in court.
The California law will take effect in a state home to some of the largest technology companies in the world. Similar proposals have failed to pass in recent years, but Newsom signed a first-in-the-nation law in 2022 barring online platforms from using users' personal information in ways that could harm children. It is part of a growing push in states across the country to try to address the impacts of social media on the well-being of children.
"Every parent knows the harm social media addiction can inflict on their children โ isolation from human contact, stress and anxiety, and endless hours wasted late into the night," Newsom said in a statement. "With this bill, California is helping protect children and teenagers from purposely designed features that feed these destructive habits."
The law bans platforms from sending notifications without permission from parents to minors between 12 a.m. and 6 a.m., and between 8 a.m. and 3 p.m. on weekdays from September through May, when children are typically in school. The legislation also makes platforms set children's accounts to private by default.
Opponents of the legislation say it could inadvertently prevent adults from accessing content if they cannot verify their... Read More