Twitter accounts belonging to Elon Musk, Joe Biden, Bill Gates, among other prominent handles have been compromised in one of the most widespread and confounding hacks the platform has experienced.
The mayhem started when Tesla CEO, Elon Musk’s Twitter account posted “Feeling grateful doubling all payments sent to my BTC address! You send $1,000, I send back $2,000! Only doing this for the next 30 minutes,” The tweet also contained a bitcoin address, presumably one associated with the hacker’s crypto wallet.
Microsoft co-founder Bill Gates’ account was also seemingly accessed by the same scammer who posted a similar message with an identical bitcoin wallet address. Both accounts continued to post new tweets promoting the scam almost as fast as they were deleted.
Shortly after the initial wave of tweets from Gates and Musk’s accounts, the accounts of former President Barack Obama, Amazon CEO Jeff Bezos, Democratic presidential candidate Joe Biden, among others, were also compromised and began promoting the scam.
As soon as Twitter became aware of the incident, it blocked the affected accounts and removed Tweets posted by the attackers. The company says it would restore access of the compromised accounts to the original owners only when they are certain that they can do so securely.
We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.Jack Dorsey, Twitter’s chief executive
The company said it is still investigating the breach and what other data may have been compromised.
“We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” Twitter said.
Product chief Kayvon Beykpour also released a public statement on his personal account.
Our investigation into the security incident is still ongoing but we’ll be posting updates with more detail soon. In the meantime I just wanted to say that I’m really sorry for the disruption and frustration this incident has caused our customers.Kayvon Beykpour, Product Chief, Twitter
The crypto-scam has also warranted the response of the FBI whose San Francisco field office said it is aware of the security incident involving several Twitter accounts belonging to high profile individuals.
“The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud. We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident.”FBI
Bitcoin is a popular vehicle for this type of scam because once a victim sends the value, the very nature of Bitcoin makes it essentially impossible to recover the funds.
Security and Trust Issues
This is not the first time a twitter profile has been hacked. Jack Dorsey, Twitters CEO and co-founder also had his account attacked last August. The handle which has more than four million followers, tweeted out a flurry of highly offensive and racist remarks for about 15 minutes before the hack was detected and controlled.
The number of prominent accounts impacted in this recent hack makes it the biggest security incident in Twitter’s history.
A hack like this is particularly perturbing due to the fact that many world leaders use Twitter. President Donald Trump and other political leaders use official tweets to announce major policy decisions.
A hack that took over an account belonging to one of those leaders could have serious consequences.
Compromised Twitter internal employee tools
On Wednesday evening, Twitter revealed that its own internal employee tools were compromised in a coordinated social engineering attack. These tools were then employed by the hackers in the attack. The hackers then used Twitter’s internal systems to tweet from the high-profile accounts.
According to security experts, the wide-ranging attacks hinted that the problem was not caused by lax security measures by the account owners targeted but by a security flaw in Twitter’s service.
Alex Stamos, director of the Stanford Internet Observatory and the former chief security officer at Facebook said there was a range of other theories, but all suggested that the attackers got inside Twitter’s system, rather than stealing the passwords of individual users.
Although the hackers only used their access to ask for bitcoins, this is a major security concern because the loophole could have easily caused much more havoc.
Biggest Twitter hack is part of widespread crypto scam
The Hacker News media organisation, while calling this the biggest Twitter hack ever, described it as part of a widespread cryptocurrency scam which only just hit Twitter.
According to the agency, about 400 websites linked to the attack are already been tracked by RiskIQ, a global leader in attack surface management which helps organisations discover, understand, and mitigate exposures across all digital channels.
Describing the attack as not a seasonal or one-off affair, it also revealed the attackers have vast and dedicated infrastructure which they maintain year to year for the purpose of the continuous attack on unsuspecting platforms.
While Twitter has since apologised and assured its users that it has taken significant steps to limit access to its systems and tools, users are however disturbed by its inability to prevent the attack on their internal systems in the first place.
Crypto watchdog Whale alert warned that scams and hacks would increase in the future as scammers get even bolder due to the near impossibility of tracking them down. We don’t need any more proof of their boldness than this.
Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!