Twitter hack: Musk, Obama, Bill Gates, Jeff Bezos, others compromised
What's the story
Microblogging platform Twitter has been hit by a massive hack by cryptocurrency scammers.
The attackers took over several high profile accounts - including those of Elon Musk, Bill Gates, Jeff Bezos - in the last few hours, and used them to trick unsuspecting users into paying crypto coins.
Twitter says it has locked the compromised accounts and is investigating the incident.
Here's what went down.
Incident
Hack targeting business magnates, celebrities, politicians, companies
A few hours ago, many verified high profile accounts began "tweeting" about 'giving back to the community' through Bitcoins.
Tweets from the accounts of Elon Musk, Jeff Bezos, Barack Obama, Joe Biden, Bill Gates, Apple went out, with slightly varying iterations of a message that requested the public to send a certain amount (mostly $1,000) and promised to double it up in return.
Details
All messages had the same bitcoin address
The messages from the high profile accounts, which have extra security measures and are less likely to be hacked, puzzled Twitter users.
But, soon, it became evident that this was a coordinated defrauding attempt by cryptocurrency scammers who had taken over the accounts.
They all tweeted varying messages but the Bitcoin address shared was the same in most of the cases.
Information
Other accounts which were compromised
Along with the aforementioned accounts, the scammers also managed to take over the accounts of Uber, hip-hop mogul Kanye West, former New York City mayor and billionaire Mike Bloomberg, CoinDesk, Binance, Ripple, Gemini, and other figures to promote crypto scams.
Action
Twitter immediately locked affected accounts, began investigation
As the attack surfaced, Twitter came into action, confirming the incident and that it is working on a fix.
"We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it," the company said, adding that the affected accounts have been locked for now and the tweets posted by the attackers have also been removed.
Reason
Early detection suggests Twitter employees were conned
While the investigation is still on, the early detection by Twitter found that some of its employees were targeted by scammers in a coordinated "social engineering attack."
As a result, they were tricked into giving away access to Twitter's internal systems and tools, which allowed the scammers to take over several high profile company and individual accounts and promote scams through them.
Twitter Post
Here's what Twitter said
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
— Twitter Support (@TwitterSupport) July 16, 2020
Step #1
Affected accounts still remain locked
When Twitter locked the affected accounts to investigate, it also disabled functionalities like resetting passwords, tweeting for all verified accounts, including those not affected, to prevent further hacks.
Now, it has restored those functionalities, but the compromised accounts still remain locked, with the company saying it "will restore access to the original account owner only when we are certain we can do so securely."
Step #2
Internal access also limited
Beyond that, the company has also said it has limited access to its internal systems for further security.
"Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing," the company said. "More updates to come as our investigation continues."
Meanwhile, Jack Dorsey, the CEO of the company, tweeted out it was a "tough day" for them.
Twitter Post
CEO Jack Dorsey says they are diagnosing
Tough day for us at Twitter. We all feel terrible this happened.
— jack (@jack) July 16, 2020
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.