At least 11 Twitter users received notifications Friday evening that their accounts might have been targeted by state-sponsored attackers. Among those impacted are mass surveillance researchers, security professionals, and at least one privacy organization.
Twitter just emailed me . "..your Twitter account .. may have been targeted by state-sponsored actors" pic.twitter.com/0t6V8lRHgG
— Anne Roth (@Anne_Roth) December 12, 2015
The notification emails went out around 5:30PM ET. This is the first time the service has mentioned, let alone deployed, its state-sponsored attack warning system, and as Twitter noted in its notification letter above, the company believes only email addresses, IP addresses, and phone numbers would have been exposed. While many of those impacted seem to be interested in privacy issues — if not making a living off them — there isn't a direct tie between the accounts. Jacob Appelbaum, a primary member of the Tor Project, began organizing a list of sorts on his Twitter feed to keep up with individuals receiving notifications.
With all these people getting notified about state sponsored hacking - one has to ask did @Twitter get owned? Do they plan to share more?
— Jacob Appelbaum (@ioerror) December 12, 2015
Twitter hasn't shared additional information beyond its notification letter.
Both Facebook and Google have similar emergency alerts in place for state-sponsored attacks. Facebook's launched in October and immediately recognized attacks on State Department employees. The federal department only found out about those attacks because of the alert system, a New York Times report indicated. Access to social media accounts can be lucrative for determined attackers. One account could yield access to dozens of others and open up lines of communication between people in a particular field or network.