One of the world’s biggest social media security breaches took place on Tuesday when hackers were able to take over verified Twitter accounts for an alleged Bitcoin scam…
Kanye West, Barack Obama, Bill Gates, and Elon Musk’s accounts were compromised, with hackers posting calls to their followers to deposit bitcoin in exchange for a massive return on investment.
Bill Gates’s account tweeted: “Everyone is asking me to give back, and now is the time. I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1000, I send you back $2000… Only going on for 30 minutes! Enjoy!”
It is not clear yet how much money the hackers managed to get from followers in the “charity” scam. The hackers have allegedly conveyed a message that the money would go to charity.
The Twitter hack is being claimed as a “Charity Hack”; we need to wait and see if that’s true. Nevertheless, I’m not sure posing as a billionaire to steal money from people is the right way to go about raising money for charity.
— Nexus (@Nexus5272) July 16, 2020
Other accounts that were affected included:
- Kim Kardashian
- Uber’s ride-sharing app
Jason Koebler, editor of Motherboard at VICE Media says that the publication spoke to one of the hackers. “Were able to confirm how they got accounts: Twitter employee used internal tool to change email addresses associated with accounts. Twitter seems to have just confirmed this in tweets as well.” Read the article HERE.
OK, we talked to another hacker. Were able to confirm how they got accounts: Twitter employee used internal tool to change email addresses associated with accounts. Twitter seems to have just confirmed this in tweets as well https://t.co/2emeiH7gs1
— Jason Koebler (@jason_koebler) July 16, 2020
Many called out Twitter on this alleged security weakness, questioning how Twitter employees could access accounts internally, and tweet as the verified user.
What I want explained is how and why it is possible at all for any employee to tweet as another user. What is the mechanism that allowed this and why does it exist?
— TechSquidTV (@TechSquidTV) July 16, 2020
Twitter just proved how reckless it is for Donald Trump to be socially and politically active on this platform.
A hacker could take over his account and say ANYTHING damaging both foreign and domestically. The possibilities are endless. The ramifications could be catastrophic.
— John (@DotDotDot_John) July 16, 2020
Twitter security pic.twitter.com/sFSE9Ma2Dr
— my name is Sanghi (@bagga_daku) July 16, 2020
Kaspersky cybersecurity comment on the hack:
“This major scam flags the fact that we are living in the era when even people with computer skills might be lured into a scammers’ trap, and even the most secure accounts can be hacked,” says Dmitry Bestuzhev, cybersecurity expert at Kaspersky.
“To our estimates, at current, at least 367 users have transferred around 120,000 dollars in total to attackers. Today we see how, along with new attack vectors, scams combine old and effective techniques, to use a surprise element and gain people’s trust to facilitate the attack and lure victims into a trap.”
Twitter CEO Jack Dorsey tweeted on Tuesday:
“Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened. Thanks to our teammates working hard to make this right.”
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
In order to prevent hackers from posting more messages on the accounts, Twitter temporarily stopped thousands of verified accounts from posting.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” said Twitter on its verified account.
Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.
— Twitter Support (@TwitterSupport) July 16, 2020
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it. Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers. We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.”
“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”
— Twitter Support (@TwitterSupport) July 16, 2020
How to recognise a social media scam:
Bestuzhev from Kaspersky advises the following:
- The most important element of every scam is a time limit. Not only does it prevent a victim from conducting a thorough check on the matter, it also adds psychological pressure on the user, making it easier for them to overlook details. Being afraid of missing a great opportunity, even the most careful people might be seduced into taking a risk and falling for the attackers’ trick.
- In this case, the scam has also been thoroughly tailored to the personality of the owner or the tone of voice of the hacked account, which made it seem legitimate. Criminals might even go further and illustrate the scam with an authentic-looking design or use deepfakes. One must always keep in mind that official campaigns or even individual initiatives of such scale always have prescriptive documents to support even the briefest promo offer, and these are placed outside of social media. In addition, the financial part is usually more transparent and not tied to private bitcoin wallets.
- Remember that it is highly unlikely that any official enterprise or established individual will ask you to transfer money, even to return it later, even as a joke, due to possible issues with taxes and financial reporting.
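The three warning signs Bestuzhev lists (a time limit, a promise to return more than you send, and a private cryptocurrency wallet as the destination) are mechanical enough to turn into a simple triage rule. The script below is an added example written for this page, not code from Kaspersky or Twitter; it scores a post by how many of those indicators it carries, so that a social media or brand-protection team can flag posts for human review. The sample posts and the wallet addresses in them are constructed for the example, and the address patterns are only a shape match (legacy base58 and bech32 prefixes), not a checksum validation.

```python
import re

# Constructed sample posts for this example; none is a real tweet, and the
# wallet addresses are made up to fit the address shape only.
SAMPLE_POSTS = [
    "I am giving back to the community! Send $500 to "
    "bc1qexampleaddr000000000000000000000000000 and I will send back $1000. "
    "Only for the next 30 minutes!",
    "Thanks everyone for the support this week. Our new engineering blog post is up.",
    "Reminder: the webinar starts in 30 minutes, link is on our website.",
    "Double your money today! Send 0.1 BTC to 1ConstructedExampAddrABCDEFGHJK "
    "and get 0.2 BTC back.",
]

# One regex per indicator from the advice above. These are deliberately
# narrow: a benign "starts in 30 minutes" should not count as a deadline.
INDICATORS = {
    # Time limit: "next 30 minutes", "only 2 hours", "hurry", "limited time"
    "urgency": re.compile(
        r"\b(?:next|only)\s+(?:for\s+)?\d+\s+(?:minutes?|mins?|hours?)\b"
        r"|\bhurry\b|\blimited\s+time\b",
        re.I,
    ),
    # Promise to return more than was sent: "double", "doubling", "send (you) back"
    "payout_promise": re.compile(
        r"\bdoubl(?:e|ing)\b|\b(?:send|get)\s+(?:you\s+)?back\b", re.I
    ),
    # Private wallet as destination: bech32 (bc1...) or legacy base58 (1.../3...).
    # Case-sensitive on purpose: base58 excludes 0, O, I and l.
    "crypto_address": re.compile(
        r"\bbc1[a-z0-9]{25,59}\b|\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"
    ),
    # "Giving back" framing used to make the transfer look charitable
    "giveaway": re.compile(r"\bgiv(?:e|ing)\s+back\b|\bgiveaway\b", re.I),
}


def score_post(text):
    """Return the set of indicators found in a post and their count."""
    found = {name for name, pattern in INDICATORS.items() if pattern.search(text)}
    return {"score": len(found), "indicators": found}


def is_suspicious(text, threshold=2):
    """A single indicator is common in legitimate posts; two or more is rare."""
    return score_post(text)["score"] >= threshold


def triage(posts, threshold=2):
    """Return (score, post) pairs for every post that crosses the threshold."""
    return [(score_post(p)["score"], p) for p in posts if is_suspicious(p, threshold)]


if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        result = score_post(post)
        flag = "REVIEW " if result["score"] >= 2 else "ok     "
        print(f"{flag} score={result['score']} {sorted(result['indicators'])}")
        print(f"        {post[:70]}...")
```

The threshold of two is the point: the advice is that the combination of pressure, a too-good-to-be-true payout and a private wallet is what marks a scam, and a single match (a real deadline, a real charity drive) should not trip the rule. A team running this over a stream of posts would treat the flagged items as candidates for review, not as verdicts, and would tune the patterns as the wording of the campaigns changes.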