Twitter Hacked: A number of high-profile Twitter accounts have recently been hacked simultaneously in a cryptocurrency scam.
Some of the affected accounts included Barack Obama, Elon Musk, Joe Biden, Jeff Bezos, Bill Gates, and Apple.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
The social media platform has linked the hack to “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
After the company became aware of the issue, Twitter disabled tweeting on verified accounts.
“We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience,” the company tweeted at 2.18 am today.
Two hours later, the company restored the functionality with a warning that it “may come and go” as they continue to work on a fix.
The scammers, who promised the millions of followers of the high-profile accounts that they would double their bitcoin, managed to collect over 12.5 bitcoins, which is over Ksh 12 million.
According to Joseph Cox, a security reporter for Vice:
“A Twitter insider was responsible for a wave of high profile account takeovers on Wednesday, according to leaked screenshots obtained by Motherboard and two sources who took over accounts.”
Twitter says it is investigating whether the rogue employee took over the accounts by him/herself or gave hackers access to the company’s internal tool.
Some hacked accounts were taken over by changing the associated email address using the tool. Screenshots of the tool have been posted even on Twitter, but the company deleted them and suspended the user accounts that shared them.
Affected cryptocurrency-related accounts include those of Coinbase, Gemini, and Binance.
In another update on the story, Twitter has clarified that it has no evidence that attackers accessed passwords. As such, it doesn’t see it as necessary for you to reset your password – yet. The company said it believes around 130 accounts were targeted in the hack, but the attackers only managed to gain control over a “small subset” of the total.
It’s not yet known whether the attackers also accessed non-public data related to the compromised accounts, as investigations are still in progress.
Twitter has taken several measures for the security of its users, including:
- Locking down affected accounts and deleting tweets posted by attackers
- Limiting the functionality of all verified accounts – hacked or not
- Limiting access to its internal systems and tools
- Locking accounts that have attempted to change passwords in the past 30 days
- Disabling downloading of Your Twitter Data for all accounts
But here’s the bottom line: “We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can.”
‘Bitcoin’ hackers copied the data of several accounts
Twitter confirmed on Friday that the hackers downloaded the data of eight of the affected accounts, all of them unverified, by using the platform’s “Your Twitter Data” tool. That means the hackers were able to get most of the private information from those accounts, including DMs.
The company also specified that, of the 130 accounts targeted, 45 were “hacked” by resetting passwords.
(End of update)
Update: 17/7/2020: Included more details about the hack from Twitter
Update 20/07/2020: Included the two paragraphs