My Wednesday this week did not start well.
I was just wrapping up dropping my kids off at school and kindergarten when the reports started coming in. It looked like our app was hacked and then abused to tweet offensive political content. It didn’t take long before most news channels in the western hemisphere were contacting us for details on the events.
We didn’t have a lot of info in that first hour of the morning, but we saw enough such spammy tweets signed ‘via thecounter’ to suspect there was actually a breach in our service.
So we decided not to take any chances and blocked the ability to take any actions using our service. With that, the hackers could not abuse our app anymore – our users were 100% safe – but neither could our users use our service in all its glory.
Still, it was the best option we had so we took that decision.
Then it was time to investigate, audit and plan our way back into safety.
We split our efforts between checking all system logs, auditing our code, scouring Twitter for clues, interfacing with the Twitter team and planning our next moves towards a safe system.
For the full details of what we are and will be doing – read all the way to the end.
A word to our many users and customers: You entrust us with delivering the most trustworthy insights into your Twitter accounts, helping you manage your audience and taking actions on your behalf. For that trust we are grateful and we are investing heavily in being worthy of it. We take the brand hit on some of our high-profile users extremely seriously.
Having said that, I also want to remind everyone that in this day and age, when targeted by powerful enough forces, no service is 100% immune, same as no vault and no bank are 100% immune to being robbed. Read here for some eye-opening truths about online security and the most prominent hacks of 2016.
Based on the nature of this attack on our service, it was part of a wider, politically-motivated attack on Twitter users and other Dutch online properties, including a hosting company. Wednesday, the day of the attack, was a pretty important and political day over here in the Netherlands. The Dutch election day was just beginning, with anti-immigration laws the focus of the political debate. Turkey is not happy with Dutch politics, and they’re making themselves heard very loudly and extremely.
So our service was at the receiving end of a politically-motivated attack. We cannot rule out that the Turkish government might be standing behind this, and this could explain how they had the resources and considerable skills required to invade our defenses.
So let’s go back to Wednesday, March 15th and the actions we have been taking since then.
The first step we decided to take was a deep technical one, targeted at ensuring the cleanliness of our servers and cloud infrastructure. For that, we took the service down completely for a whole day (my apologies to you for that). This step is now almost completed, and we are, at the time of writing – Friday afternoon – a few hours away from the service being fully restored in its new setting. The action-taking features which I’ve mentioned before are still blocked until the situation is fully handled.
Next on the list are more technical steps we’re taking to both ensure our code and server integrity and to further upgrade our defenses against cyber attacks.
I can’t go into detail about those for obvious reasons, but we can just say these steps are going to take time and effort to complete. At the other end, we would have a clean system which would be even harder to penetrate. We will also employ cyber specialists to advise us on additional upgrades we can implement.
I want to be certain that the safety of our users can be ensured beyond any reasonable doubt. One thing I want to repeat to remove any doubt – we do NOT store any private or sensitive information, such as credit card details or Twitter passwords.
Cyber security can be tricky, and in this connected age it is more important than ever, as our identities as companies and as individuals are increasingly being reflected by our online presence. Please follow these safety measures to protect your online accounts, Twitter, and others:
- Enable two-step authentication for your account by linking your phone number to your Twitter account.
- Use a strong password with at least 10 characters and a combination of letters, numbers and other characters.
- Periodically review the list of apps authorized by your account. Make sure you use/need all of them and revoke access to the ones you don’t.
- Contact Twitter immediately if you think your account has been compromised.
Contact us if you have questions or concerns about your account’s safety with our app.
You can direct your questions or comments regarding this incident or any concerns to our support team or contact me at omer[at]twittercounter.com. I always reply.
Hoping for safer and quieter days soon,