Social media giant Twitter suffered its biggest-ever cyberattack this Wednesday. The attackers hacked the accounts of famous political and business leaders to spread a free Bitcoin giveaway scam.
A number of Twitter accounts were breached almost simultaneously yesterday to share the same Bitcoin-related message, which asked readers to send digital coins to the given Bitcoin wallet address in order to get back double the amount of Bitcoins in 30 minutes. The scheme is widely used in Bitcoin giveaway scams, which attempt to defraud people of money via social media impersonation.
Within a few hours, the same message was spread via more than 3000 Twitter accounts. The compromised accounts include prominent names like billionaires Bill Gates, Elon Musk, Jeff Bezos, Warren Buffett, Michael Bloomberg, and Kanye West, as well as political leaders such as President Barack Obama and candidate Joe Biden. The scammers also hacked into Apple’s and Uber’s Twitter accounts.
According to Bloomberg, over 12 Bitcoins worth more than $110,000 were sent to the given Bitcoin wallet address. Reportedly, the leading cryptocurrency exchange Coinbase has blocked the ability for its users to send funds into the fraudster’s account.
During the attack, the real account owners were unable to log into their accounts or post tweets because their passwords were immediately changed. However, some of the compromised accounts were secured by strong passwords and two-factor authentication, Bloomberg claims.
Tough day for Twitter
What caused the biggest-ever cyberattack on a social media platform is still under investigation. However, the company has already announced that the breach was a coordinated social engineering attack that exploited Twitter employees to gain access to the platform’s internal systems and tools.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. — Twitter Support (@TwitterSupport) July 16, 2020
With the internal investigation ongoing, Twitter immediately locked the affected accounts and removed the tweets made by the attackers. In a series of tweets, Twitter Support claimed to be working on restoring the compromised accounts.
For a short time, the company limited functionality for all verified Twitter accounts, including the ones that had not been compromised, due to the ongoing investigation. Twitter Support further announced that it had taken significant steps to limit access to internal systems and tools as well.
CEO Jack Dorsey also posted a message, calling this a “tough day for Twitter”. He said that the company feels terrible about the attacks and that its team will share all the news regarding the investigation once it has a better understanding of what really happened.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
In the meantime, the online community is sharing its own theories, including that someone inside Twitter was responsible for the largest attack against a social media platform in history in terms of affected accounts.
Vice Motherboard, a popular online tech magazine, cites an anonymous source who claims that a number of Twitter accounts were taken over using an internal Twitter tool that allows changing email addresses.
However, access to internal tools is only possible by exploiting a security vulnerability in Twitter’s login system or by obtaining the credentials of a company employee. The theory of a malicious insider working for the social media giant or for a software vendor is also circulating.