Twitter accidentally revealed some users’ “protected” (aka, private) tweets, the company disclosed this afternoon. The “Protect your Tweets” setting typically allows people to use Twitter in a non-public fashion. These users get to approve who can follow them and who can view their content. For some Android users over a period of several years, that may not have been the case — their tweets were actually made public as a result of this bug.
The company says that the issue impacted Twitter for Android users who made certain account changes while the “Protect your Tweets” option was turned on.
For example, if the user had changed their account email address, the “Protect your Tweets” setting was disabled.
We’ve become aware of and fixed an issue where the “Protect your Tweets” setting was disabled on Twitter for Android. Those affected have been alerted and we’ve turned the setting back on for them. More here: https://t.co/0qM5B1S393
Twitter tells TechCrunch that’s just one example of an account change that could have prompted the issue. We asked for other examples, but the company declined to share any specifics.
What’s fairly shocking is how long this issue has been happening.
Twitter says that users may have been impacted by the problem if they made these account changes between November 3, 2014, and January 14, 2019 — the day the bug was fixed.
The company has now informed those who were affected by the issue, and has re-enabled the “Protect your Tweets” setting if it had been disabled on those accounts. But Twitter says it’s making a public announcement because it “can’t confirm every account that may have been impacted.” (!!!)
The company explains to us it was only able to notify those people where it was able to confirm the account was impacted, but says it doesn’t have a complete list of impacted accounts. For that reason, it’s unable to offer an estimate of how many Twitter for Android users were affected in total.
This is a sizable mistake on Twitter’s part, as it essentially made available to the public content that users had explicitly indicated they wanted private. It’s unclear at this time if the issue will result in a GDPR violation and fine as a result.
The one bright spot is that some of the impacted users may have noticed their account had become public because they would have received alerts — like notifications that people were following them without their direct consent. That could have prompted the user to re-enable the “protect tweets” setting on their own. But they may have chalked up the issue to user error or a small glitch, not realizing it was a system-wide bug.
“We recognize and appreciate the trust you place in us, and are committed to earning that trust every day,” wrote Twitter in a statement. “We’re very sorry this happened and we’re conducting a full review to help prevent this from happening again.”
The company says it believes the issue is now fully resolved.
We’ve spent the past few weeks burning copious amounts of AWS compute time trying to invent an algorithm to parse Ars’ front-page story headlines to predict which ones will win an A/B test—and we learned a lot. One of the lessons is that we—and by “we,” I mainly mean “me,” since this odyssey was more or less my idea—should probably have picked a less, shall we say, ambitious project for our initial outing into the machine-learning wilderness. Now, a little older and a little wiser, it’s time to reflect on the project and discuss what went right, what went somewhat less than right, and how we’d do this differently next time.
Our readers had tons of incredibly useful comments, too, especially as we got into the meaty part of the project—comments that we’d love to get into as we discuss the way things shook out. The vagaries of the edit cycle meant that the stories were being posted quite a bit after they were written, so we didn’t have a chance to incorporate a lot of reader feedback as we went, but it’s pretty clear that Ars has some top-shelf AI/ML experts reading our stories (and probably groaning out loud every time we went down a bit of a blind alley). This is a great opportunity for you to jump into the conversation and help us understand how we can improve for next time—or, even better, to help us pick smarter projects if we do an experiment like this again!
Our chat kicks off on Wednesday, July 28, at 1:00 pm Eastern Time (that’s 10:00 am Pacific Time and 17:00 UTC). Our three-person panel will consist of Ars Infosec Editor Emeritus Sean Gallagher and me, along with Amazon Senior Principal Technical Evangelist (and AWS expert) Julien Simon. If you’d like to register so that you can ask questions, use this link here; if you just want to watch, the discussion will be streamed on the Ars Twitter account and archived as an embedded video on this story’s page. Register and join in or check back here after the event to watch!
Kaseya—the remote management software seller at the center of a ransomware operation that struck as many as 1,500 downstream networks—said it has obtained a decryptor that should successfully restore data encrypted during the Fourth of July weekend attack.
Affiliates of REvil, one of the Internet’s most cutthroat ransomware groups, exploited a critical zero-day vulnerability in Miami, Florida-based Kaseya’s VSA remote management product. The vulnerability—which Kaseya was days away from patching—allowed the ransomware operators to compromise the networks of about 60 customers. From there, the extortionists infected as many as 1,500 networks that relied on the 60 customers for services.
Finally, a universal decryptor
“We obtained the decryptor yesterday from a trusted third party and have been using it successfully on affected customers,” Dana Liedholm, senior VP of corporate marketing, wrote in an email on Thursday morning. “We are providing tech support to use the decryptor. We have a team reaching out to our customers and I don’t have more detail right now.”
In a private message, threat analyst Brett Callow of security firm Emsisoft said: “We are working with Kaseya to support their customer engagement efforts. We have confirmed the key is effective at unlocking victims and will continue to provide support to Kaseya and its customers.”
REvil had demanded as much as $70 million for a universal decryptor that would restore the data of all organizations compromised in the mass attack. Liedholm declined to say if Kaseya paid any sum in exchange for the decryption tool. Kaseya has since patched the zero-day used in the attack.
That means that, for the time being, it’s not publicly known if Kaseya paid the ransom or received it for free from either REvil, a law enforcement agency, or a private security company.
In the days following the attack, REvil’s site on the dark web, along with other infrastructure the group uses to provide technical support and process payments, suddenly went offline. The unexplained exit left victims and researchers worried that the data would remain locked up forever, since the only people with the ability to decrypt it had vanished.
Where did it come from?
REvil is one of several ransomware groups believed to operate out of Russia or another Eastern European country that was formerly part of Soviet Union. The group’s disappearance came a few days after President Joe Biden warned his Russian counterpart Vladimir Putin that, if Russia didn’t rein in those ransomware groups, the US might take unilateral action against them.
Observers have speculated since then that either Putin pressured the group to go quiet or the group, rattled by all the attention it received from the attack, decided to do so on its own.
Some of the companies victimized by the attack include Swedish grocery store chain COOP, Virginia Tech, two Maryland towns, New Zealand schools, and international textile company Miroglio Group.
REvil is also behind a crippling attack on JBS, the world’s biggest producer of meat. The breach caused JBS to temporarily close some plants.
AT&T reportedly forced a San Antonio woman to wait nearly four months to get Internet service at her new home, and she didn’t get close to solving the problem until she asked a local news station for help.
“Lovie Newman planned for a smooth transition into her new home, including scheduling a transfer for her AT&T high-speed Internet service in advance,” according to a report Tuesday by News 4 San Antonio.
The house Newman moved into was apparently newly built and not yet connected to AT&T’s network, but it sounds like the months-long wait was due primarily to mistakes by AT&T technicians and customer-service problems. In what Newman called “a complete nightmare,” AT&T continually rebuffed her attempts to get Internet service.
Newman scheduled an installation appointment for April 1, but when the day came, AT&T called to say, “we need to reschedule,” she told the news station. Initially, Newman “was told there was a service outage in her new far East Side neighborhood,” News 4 journalist Darian Trotter reported. “Technicians were working on it, but she says they had no idea when service in the area would be restored.”
“I wasn’t hearing back, and I kept getting rescheduled and pushed around to different departments,” Newman said.
“You never came to my house”
Newman was able to schedule another installation appointment in May after the outage was fixed, but installers never came to her house. “For three and a half months, she says she made countless efforts to get connected, including the one time she got an appointment and eagerly waited for technicians to arrive,” News 4 said.
Newman was at home waiting for installers to arrive when she got a message from AT&T saying, “we missed you,” she told News 4. “I’m like, ‘you never came to my house. How did you miss me?'” AT&T installers had mistakenly gone to a different address in Alamo Heights, the report said.
“Out of desperation, she considered switching service providers,” but “an online search of at least three companies revealed service in her neighborhood wasn’t available.” The TV station’s video report shows that those three providers were Charter Spectrum, Grande Communications, and Google Fiber.
“I put in my address and it said, ‘not available,'” Newman said. Newman was afraid of losing her job because of the lack of AT&T Internet service, but News 4 said that “Newman’s employer was able to make special accommodations to keep her working.”
Even though AT&T has dragged its feet for months, its website says that service should be readily available to Newman. We entered Newman’s address into AT&T’s online availability checker, and it reports that fiber-to-the-home service is available where she lives:
AT&T gets moving after hearing from reporter
After months of waiting for AT&T to provide a broadband connection, Newman contacted Trotter at News 4 over two weeks ago. The station reached out to AT&T, and while the company initially did not reply to the media organization, the prospect of news coverage got AT&T’s attention.
The news video showed an email sent to Newman on July 8 from an employee in an AT&T executive office. “The AT&T Office of the President (OOP) received a communication from a local news media reporter,” the email said. “However, since you are our customer, I wanted to reach out to you directly.”
The week after that July 8 email, News 4 “received a statement from a spokeswoman saying, ‘our team has already begun looking into this and is in contact with Ms. Newman,'” Trotter said in the news report. Newman was still waiting for service to be installed this week when the News 4 report aired. “I want my Internet to be installed, up and running by this weekend,” she told the station.
Due to News 4 prodding AT&T into action, it seems that Newman is finally close to getting connected—nearly four months after AT&T abruptly canceled her first installation appointment. “After we got involved, Newman says techs have recently installed wiring, and an Internet box has been set up outside her home,” Trotter said at the end of his report. “Everything is ready, she just needs to schedule the installation.”
We contacted Newman and AT&T today about whether service has been or will soon be installed and will update this article if we get new information.
Newman’s AT&T nightmare unfortunately not unique
Newman’s ordeal is similar to one we wrote about in April. In that case, Comcast had an error in its coverage map and falsely told the customers that Internet service would be available at their new home. The couple, Edward Koll and Jo Narkon, then paid Comcast $5,000 for a network extension, but the project kept getting delayed. Comcast finally provided Internet service after Koll contacted Ars and we reached out to Comcast’s public relations department.
Koll and Narkon ended up waiting six months for cable Internet and had to use unreliable and data-capped cell service that entire time. We’ve written other stories over the years about Comcast falsely telling customers that they could get service. After our article about Koll and Narkon published a few months ago, we heard from a few more people in Comcast territory who were incorrectly told that Internet service would be available at their homes.
We also wrote about a frustrated AT&T-using family in Mississippi in November 2020. AT&T had falsely promised Kathie McNamee and her family U-verse Internet service of about 5Mbps, which is slow by today’s standards but still much faster than what they ended up getting. Ultimately, AT&T only provided the family speeds of up to 768kbps over its legacy DSL network and has not upgraded its network there or in many other areas where glacially slow AT&T speeds are the norm.
This kind of AT&T home-Internet problem is nothing new. Back in 2015, we wrote about a family in Georgia that couldn’t get AT&T Internet at a home they bought even though their neighbors and the home’s previous owners had service. AT&T said it didn’t have enough capacity to hook up additional customers.