Twitter accounts of some of the world's most influential politicians, tech moguls, celebrities and companies were hacked on Wednesday. Among these are Bill Gates, Elon Musk, Jeff Bezos, Barack Obama, Kanye West, Michael Bloomberg, and Kim Kardashian West. The hacked accounts tweeted asking their followers to send money to a particular Bitcoin address.
Twitter Disabled Verified Accounts
On July 15, Twitter temporarily blocked all verified accounts from posting. The decision was a security measure taken by the company after a widespread hack of high-profile verified accounts. The hijacked accounts used to lure followers into Bitcoin scams include those of Israeli Prime Minister Benjamin Netanyahu, Apple, Wiz Khalifa, Uber, Floyd Mayweather, and Warren Buffett.
At 6 PM Eastern Time, Twitter disabled all verified accounts from sending tweets. Twitter restored the accounts' ability to tweet at around 8:35 PM Eastern Time. The official Twitter Support account announced the restoration of service. It also advised users to reset passwords while promising to review and address the incident.
At 5:45 PM ET on Wednesday, Twitter first acknowledged the situation and called it a security incident. Initially, the compromised accounts seemed to be back under the real owners' control as scam texts were hastily deleted. However, several users reported getting error messages on the social microblogging site as the situation progressed.
What Just Happened, Twitter?
Twitter is still learning the specifics of how the hack went down. TechCrunch earlier reported that the attacker used an internal Twitter admin tool to access high-profile accounts. Twitter later confirmed the site's report in a tweet.
According to the company, the attack was a coordinated social engineering attack on employees that allowed the attacker to gain access to internal tools and systems. Although the scope of Wednesday's hack on the social microblogging site may look unprecedented, the type of scam used is pretty standard. As in past attacks, the method is that of a generic scam.
Attackers first take over accounts using leaked or breached passwords. After that, they post messages or send texts encouraging receivers, followers, or users to send their cryptocurrency funds to a specific address. To make the offer more enticing, hackers claim that they will double the investment, but in reality, it's just theft.
Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened. to our teammates working hard to make this right. — jack (@jack) July 16, 2020
At the time of this publication, the blockchain address used by attackers in the tweets they made using verified accounts of high-profile personalities and companies has already amassed over 12.5 bitcoin. That is around $166,000, and it is rising by the minute.