Who must follow the rules: The new rules will apply to presidential campaigns, political parties and certain political candidates, as well as members of the executive branch and Congress. Governors and secretaries of state must also adopt tougher security measures, as do major U.S. news outlets and political journalists, Twitter said.
Those who must adhere to the new rules will receive an in-app notification, but other users can opt to take the same precautions, the company said.
About that big breach: Twitter revealed after the massive breach on July 15 that hackers had not gained access to users’ passwords, so the changes outlined Thursday would not have kept those accounts safe. But less-sophisticated breaches often involve obtaining a user’s password.
Instead, the hackers deceived Twitter employees whose job gives them access to high-profile accounts, Twitter disclosed in late July. Prosecutors have since charged a Florida teenager with masterminding the attack and adults in Florida and the United Kingdom with taking part in the scheme, in which the seized accounts sent out tweets asking their followers to send Bitcoin payments to a mysterious address.
The attack targeted 130 Twitter accounts, tweeted from 45 of them, accessed the direct messages of 36 and downloaded data from seven accounts, Twitter has said.
“This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems,” Twitter said. As a result, Twitter temporarily restricted employee access to its internal controls.
What’s next: Twitter said Thursday it plans to instill security safeguards internally that help the company more quickly detect and respond to suspicious activity, as well as make it more difficult to maliciously takeover an account. The company called those moves “a critical preventative step.”