Posts Tagged: incident

Twitter says a ‘security incident’ led to private Circle tweets becoming public

Back in April, users found a bug with Twitter’s Circle feature that saw the platform expose private tweets to strangers. Now, nearly a month later, the company has finally commented on the issue. In an email seen by The Guardian, Twitter told affected users the exposure was the result of “a security incident that occurred earlier this year.”

The company claims the issue was “immediately fixed.” It also shared an apology. “Twitter is committed to protecting the privacy of the people who use our service, and we understand the risks that an incident like this can introduce and we deeply regret this happened,” the company said. When news of the exposure first started circulating online, some, including creator Theo Brown, speculated the issue was the result of Twitter failing to filter Circle tweets out of its recommendation algorithm. Twitter has not operated a communications department since Elon Musk's first round of layoffs, and the company did not initially acknowledge the issue.

More broadly, Twitter has dealt with a growing number of technical issues since Musk’s takeover of the company in October. The billionaire has reduced the company’s workforce by at least 60 percent, gutting many of its technical teams of senior leadership. Over that time, Twitter has suffered multiple outages and otherwise created confusion over feature rollouts and removals.

This article originally appeared on Engadget at https://www.engadget.com/twitter-says-a-security-incident-led-to-private-circle-tweets-becoming-public-164954799.html?src=rss
Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Okta had another security incident, this time involving stolen source code

Okta is responding to a major security incident for the second time this year. As first reported by BleepingComputer, Okta began notifying customers earlier today via email of an event that saw an unnamed party steal the company’s source code. In early December, Okta was notified by GitHub of possible suspicious access to its online code repositories. Following an investigation, Okta determined that someone had used that access to copy its source code, but that they had not subsequently gained unauthorized access to its identity and access management systems.

In a statement Okta shared with Engadget, the company confirmed it was notifying customers of a recent security incident, and pointed to a blog post it published moments ago. "In early December 2022, GitHub alerted Okta about possible suspicious access to Okta code repositories. We have confirmed no customer data was impacted, nor was there any other customer impact. No customer action is required and the Okta service remains fully operational and secure," an Okta spokesperson told Engadget. "Okta does not rely on the confidentiality of its source code for the security of its services. This event does not impact any other Okta products, and we have been in communication with our customers."

While the damage from the GitHub incident appears minimal, the event was still a significant test of Okta. Following the Lapsus$ breach that saw hackers from the ransomware gang access two active customer accounts, the company admitted it “made a mistake” in handling the disclosure of that data breach. You may recall it took Okta two months to notify customers of what had happened, and one of the things it promised to do in the aftermath of the incident was “communicate more rapidly with customers.” That pledge was put to the test.

Update 4:27PM ET: Added confirmation and comment from Okta. 


Europe’s sat-nav network crippled by ‘technical incident’

Europe's Galileo satellite network, freshly approved by the FCC for US smartphones, has suffered a serious outage. The system has been down since Friday due to what officials at the European GNSS Agency (GSA) have described as a "technical incident r…
Engadget RSS Feed

Facebook may have broken FTC deal in Cambridge Analytica incident

Facebook may face more legal trouble than you might think in the wake of Cambridge Analytica's large-scale data harvesting. Former US officials David Vladeck and Jessica Rich have told the Washington Post that Facebook's data sharing may violate the…