Twitter continues to investigate what it calls a 'coordinated social engineering attack' which saw accounts of very popular Twitter users hacked in a Bitcoin scam. The Twitter accounts of Bill Gates, Elon Musk, Barack Obama, Joe Biden, Kim Kardashian West, Warren Buffet, Jeff Bezos, Apple’s corporate account, Uber’s corporate account and more were hacked, and have since been locked down by Twitter. Jack Dorsey, co-founder and CEO of Twitter said it was a tough day for the social media platform. The hacked accounts were used to post a Bitcoin scam message inviting other Twitter users to send payments to a BTC address with the promise of doubling the amount in return. It turns out that the scam did work for whoever laid it out. According to Blockchain.com tracking the BTC account, as much as $118,211.37 (that is 12.86252562 BTC) has been received and much of it has been taken out as well leaving the account bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh now hosting a grand total of just $83.40 at this time.
The scam appeared to happen in two waves, The first tweets from Bill Gates and Elon Musk's accounts hinting at the Bitcoin scam were deleted. The hackers persisted, and the scale only got larger from then onwards. Twitter has completely restricted access to the breached accounts for the time being, and a lot of other Twitter accounts also do not have the ability to tweet, change passwords and more since they are in a locked-down state, for most intents and purposes. "We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely," says Twitter. The social media platform believes it was a 'coordinated social engineering attack' and confirm that hackers "successfully targeted some of our employees with access to internal systems and tools." Twitter is slowly reactivating the ability to tweet for a lot of accounts, but they say this could fluctuate through the day as they continue to investigate what happened.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
According to Blockchain.com tracking the BTC account, as much as $118,211.37 (that is 12.86252562 BTC) has been received and much of it has been taken out as well leaving the account bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh now hosting a grand total of just $83.40 at this time
Through the night, News18.com was covering the updates as the Twitter hack unfolded (you can follow that sequence here)
Twitter is suspecting that there could also be more malicious activity on the part of the hackers who took control of popular Twitter user accounts via employee access route. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” says Twitter. It is very likely, considering the fact that this scam was very successful in terms of the transactions done towards the BTC account, that direct messages were also sent as part of the hack.
Earlier, Jack Dorsey also tweeted saying it has been a “tough day” for the social media platform. “Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened,” he said while sharing his love for his teammates.
The scale of this hack, testified by the $118,211.37 amount tracked to this scam account, is perhaps best understood by the fact that Twitter, as one of its first measures, blocked the ability to tweet. That is, for a large majority if not all, of the 359,000 verified Twitter accounts—that is Twitter pretty much shutting down Twitter, for a significant amount of time.