By Joseph Menn
(Reuters) – Twitter Inc (NYSE:) had stepped up its search for a chief information security officer in recent weeks, two people familiar with the search told Reuters, before the breach of high-profile accounts on Wednesday raised alarms about the platform’s security.
The FBI’s San Francisco division is leading an inquiry into the Twitter hacking, as more Washington lawmakers called for an accounting of how it happened.
The law enforcement agency said hackers committed cryptocurrency fraud after they seized control of the Twitter accounts of celebrities and political figures including Joe Biden, Kim Kardashian, Barack Obama and Elon Musk.
A day after the breach, it was not clear if the hackers were able to see private messages sent by the account holders. U.S. lawmakers fretted about future attacks.
“While this scheme appears financially motivated…imagine if these bad actors had a different intent to use powerful voices to spread disinformation to potentially interfere with our elections, disrupt the stock market, or upset our international relations,” U.S. Senator Ed Markey, a Democrat, said in a statement.
Echoing a similar sentiment, Representative Jim Jordan, the top Republican on the House Judiciary Committee, asked what would happen if Twitter allowed a similar incident to occur on Nov. 2, a day before the U.S. presidential election.
Jordan said he remained locked out of his Twitter account as of Thursday afternoon and said his confidence in how the company operates has been deteriorating.
President Donald Trump, a prolific Twitter user, was planning to continue tweeting and his account was secure during the attack, spokeswoman Kayleigh McEnany said.
The White House had been in “constant contact with Twitter over the last 18 hours” to keep Trump’s Twitter feed secure, she said.
Twitter said hackers had targeted employees with access to its internal systems and “used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf”.
Other high-profile accounts that were hacked included rapper Kanye West, Amazon.com Inc (NASDAQ:) founder Jeff Bezos, investor Warren Buffett, Microsoft Corp (NASDAQ:) co-founder Bill Gates, and the corporate accounts for Uber Technologies (NYSE:) Inc and Apple Inc (NASDAQ:).
The company, which has been without a security chief since December, said hackers conducted a “coordinated social engineering attack” against some of its employees with access to internal systems.
In an extraordinary step, it temporarily prevented many verified accounts from publishing messages as it investigated the breach.
The hijacked accounts tweeted out messages telling users to send bitcoin and their money would be doubled. Publicly available blockchain records show that the apparent scammers received more than $100,000 worth of cryptocurrency.
Twitter’s shares fell a little over 1% on Thursday afternoon.
CEO Jack Dorsey said in a tweet on Wednesday that it was a “tough day” for everyone at Twitter and pledged to share “everything we can when we have a more complete understanding of exactly what happened”.
Dorsey’s assurances did not assuage Washington’s concerns about social media companies, whose policies have come under scrutiny by critics on both the left and the right.
Democratic Senator Mark Warner called on Twitter and law enforcement to investigate the matter while the U.S. House Intelligence Committee said it was in touch with Twitter regarding the hack, according to a committee official who did not wish to be named.
Republican Senator Josh Hawley wrote a letter to Dorsey within minutes of the hack and asked about potential data theft and whether the breach affected select users or the security of the platform overall.
Frank Pallone, a Democrat who chairs the House Energy and Commerce Committee that oversees a sizeable portion of U.S. tech policy, said in a tweet the company “needs to explain how all of these prominent accounts were hacked.”
The New York State Department of Financial Services also weighed in, saying it will investigate the hack.