Several verified high profile Twitter accounts were hacked on Wednesday in a cryptocurrency scam that targeted accounts belonging to Apple, Tesla CEO Elon Musk, Amazon CEO Jeff Bezos, Microsoft CEO Bill Gates, and more.
/article-new/2020/07/apple_bitcoin_hack.jpg?lossy)
Twitter has said it doesn't believe any passwords were stolen in the hack, which forced the company to temporarily lock all verified accounts on the platform. While the company continues to investigate the attack, a new report suggests at least one Twitter employee and possibly more were involved in the takeover.
Motherboard was able to speak to two of the alleged hackers, who claim they paid a Twitter employee to gain access to the compromised accounts using an internal tool. This tool apparently allows staff to change the email address associated with accounts, and it was this ability that allowed the security breach to take place.
Twitter on Thursday said that a "coordinated social engineering attack" had targeted some of its staff as part of the hack.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. — Twitter Support (@TwitterSupport) July 16, 2020
Hackers posted tweets on the compromised accounts saying that if followers sent Bitcoin to a wallet address then they would receive double the amount in return. Many users clearly fell for the scam, which earned the hackers over $100,000 in the space of two hours.
Twitter believes approximately 130 accounts were targeted by the attackers in some way as part of the incident, but the company has not yet been able to confirm whether DMs were compromised. The FBI is also investigating how the breach was allowed to happen.
Top Rated Comments
not to mention a few years ago, a single fake tweet "from the AP" cost billions in losses and the hack lasted like 3 minutes.
this hack lasted 2-3hours where the hackers/rogue employee had full account access to every blue check including DM's
there are easier ways to make money with that kind of info/access if that was the goal
which makes the Bitcoin scam look like a smokescreen or the US being put on notice by an adversary
which funny enough is the most comforting, we could already assume an enemy Gov't has the hacking resources as well as the means to bribe/coerce an employee.
but if it was truly just idiots out for money it shows what power idiots can access at twitter.
eitherway shows the security problems