One of the world’s biggest social media security breaches took place on Tuesday when hackers were able to take over verified Twitter accounts for an alleged Bitcoin scam…

Kanye West, Barack Obama, Bill Gates, and Elon Musk’s accounts were compromised, with hackers posting calls to their followers to deposit bitcoin in exchange for a massive return on investment.

Bill Gates’s account tweeted: “Everyone is asking me to give back, and now is the time. I am doubling all payments sent to my BTC address for the next 30 minutes. you Send $1000, I send you back $2000… Only going on for 30 minutes! Enjoy!”

It is not yet clear how much money the hackers managed to get from followers in the “charity” scam. The hackers have allegedly conveyed a message that the money would go to charity.

Other accounts that were affected included:

  • Kim Kardashian
  • Uber’s ride-sharing app
  • Apple

Security worries

Jason Koebler, editor of Motherboard at VICE Media, says that the publication spoke to one of the hackers. “Were able to confirm how they got accounts: Twitter employee used internal tool to change email addresses associated with accounts. Twitter seems to have just confirmed this in tweets as well.”

Many called out Twitter on this alleged security weakness, questioning how Twitter employees could access accounts internally, and tweet as the verified user.


Kaspersky cybersecurity comment on the hack:

“This major scam flags the fact that we are living in the era when even people with computer skills might be lured into scammers’ trap, and even the most secure accounts can be hacked,” says Dmitry Bestuzhev, cybersecurity expert at Kaspersky.

“To our estimates, at current, at least 367 users have transferred around 120,000 dollars in total to attackers. Today we see how, along with new attack vectors, scams combine old and effective techniques, to use a surprise element and gain people’s trust to facilitate the attack and lure victims into a trap.”

Twitter’s response

Twitter CEO Jack Dorsey tweeted on Tuesday:

“Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened. Thanks to our teammates working hard to make this right.”

In order to prevent hackers from posting more messages on the accounts, Twitter temporarily stopped thousands of verified accounts from posting.

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” said Twitter on its verified account.

“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it. Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers. We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.”

“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”

How to recognise a social media scam:

Bestuzhev from Kaspersky advises the following:

  • The most important element of every scam is a time limit. Not only does it prevent a victim from conducting a thorough check on the matter, but it also adds some psychological pressure on the user, making it easier for them to overlook details. Being afraid of missing a great opportunity, even the most careful people might be seduced into taking a risk and falling for the attackers’ trick.
  • In this case, the scam has also been thoroughly tailored to the personality of the owner or the tone of voice of the hacked account, which made it seem legitimate. Criminals might even go further and illustrate the scam with an authentic-looking design or use deepfakes. One must always keep in mind that official campaigns or even individual initiatives of such scale always have prescriptive documents to support even the briefest promo offer, and are placed outside of social media. In addition, the financial part is usually more transparent and not tied to private bitcoin wallets.
  • Remember that it is highly unlikely that any official enterprise or established individual will ask you to transfer money, even to return it later, even as a joke, due to possible issues with taxes and financial reporting.

