Twitter accounts of Apple, Uber, former President Barack Obama, Amazon CEO Jeff Bezos, Democratic presidential candidate Joe Biden, hip-hop mogul Kanye West, and former New York City mayor and billionaire Mike Bloomberg, Elon Musk, Bill Gates, among others, were the targets of this massive security breach on a social media site.
The accounts mentioned above posted the same tweet, and all of them were instructing people to send cryptocurrency to the same bitcoin address. The tweets were removed throughout the afternoon, shortly being posted.
Last year twitter hack
Last year also, there have been high profile hack on individual accounts on Twitter, including the CEO of Twitter Jack Dorsey. But this kind of attack made one thing clear that unusual broad access to internal controls of twitter was in the hand of those hackers. While the twitter security team couldn’t find out how the attack was originated and went on for hours, some cybersecurity experts speculated that someone might have gained access to internal Twitter controls allowed them to take over and post on the accounts.
Tweets during the hack
These are the exact tweets that were posted on the social media site; The hacker used the method of cryptocurrency to avoid himself for getting tracked down. With the use of high profile accounts on twitter, hackers posted and played phishing to send BTC to the given address, and the account posting such tweet will send it back with getting it doubled.
With the use of such tweets, the hacker gained over $100,000 in a few minutes. It was obvious that big-name personalities like Elon musk and bill gates are also very humble and generous people on whom anyone can believe keeping that in mind they are top billionaires, people easily fell into the trap that they’re sure that they are going to get their money doubled from them.
What researchers have to say!
“This is a SCAM, DO NOT participate!” Cameron Winklevoss, a bitcoin investor and co-founder of Gemini, wrote of Musk’s tweet.
Cameron Winklevoss, who is a bitcoin investor and the co-founder of Gemini, replied to Elon Musk’s tweet, “This is a SCAM, DO NOT participate!”.
Gemini’s account was also hacked the same day,
Gate’s was one of the great profiles to target next. It was then confirmed by Spokeswoman Bridgitt Arnold that Spokeswoman Bridgitt Arnold that Gate didnt tweeted anything like that, and also twitter was working to fix and restore their account.
At the same time, Uber’s official account also tweeted that “Due to Covid-19, we are giving back over $10,000,000 in Bitcoin! All payments sent to our address below will be sent back doubled.”
Twitter support team reaction to the hack
“This is massive,” said cybersecurity expert Rachel Tobac, the CEO of SocialProof Security. “This is most likely the largest attack I’ve ever seen. We are extremely lucky that these attackers are monetarily motivated and not sowing mass chaos all over the world.”
The attack had also partially shut down the network. Twitter said in a tweet on Wednesday afternoon that some users weren’t able to tweet while it was addressing the incident. Users with the checkmark(blue tick verified accounts) Twitter reported that they weren’t able to tweet.
Twitter started letting those verified accounts to tweets again but also warned them that the functionality might come and go, as they worked on a fix to the breach.
Later the same night, the CEO of Twitter tweeted that the company is currently diagnosing and will share everything once it’s done and with a complete understanding of exactly what happened. Then, at last, he called it a “tough day ” on Twitter.
Twitter said in a later tweet that it “detected a coordinated attack by people who successfully targeted some of our employees with access to internal systems and tools.”
The hackers used that access to take over the accounts.
After that, in one more tweet, they said that they have detected what they believe to be a coordinated social engineering attack by people who successfully targeted some of their employees with access to twitter’s internal systems and on their tools.
They know hackers used this access to take control of many highly-visible (including verified) accounts and Tweets on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
Get the latest tech news and updates, ethical hacking tutorials and cyber security tips and tricks. Check out MeuSec for more.