Twitter accounts of Barack Obama, Apple, Joe Biden, & more hijacked for crypto scam

midian182

Posts: 5,866   +48
Staff member
What just happened? We’ve seen hackers take over verified Twitter accounts in the past, but yesterday saw an attack that was unprecedented in scale. A number of high-profile users, including Barack Obama, Joe Biden, Apple, Bill Gates, Kanye West, and Jeff Bezos, had their profiles hijacked by apparent crypto scammers. Now, Twitter says the incident was the result of a coordinated social engineering attack that targeted its employees.

The compromised accounts sent out the kind of scam messages familiar to many internet users. They began with a pledge to give back to the community, with some mentioning Covid-19, and promised that those who sent bitcoin to the included address would receive double in return.

According to public records, around $120,000 was paid into the perpetrator’s wallet. Half of the senders had funds in US bitcoin exchanges, a quarter in Europe and a quarter in Asia, according to forensics company Elliptic (via Reuters). That amount could have been even higher, were it not for multiple crypto exchanges blocking payments after their Twitter accounts were hacked.

To stop more messages being sent out, Twitter locked down all of its verified users. As the accounts were able to retweet old tweets, some took to constructing messages out of single words or letters. Musician Lil Nas X used his recently created, unverified account to post messages, which were then retweeted by his locked, verified account.

Many of the compromised accounts used two-factor authentication, suggesting the problem came from Twitter’s end. The company later confirmed that employees with access to internal systems and tools had been targeted in coordinated social engineering attacks. The access was used to take control of the high-profile accounts.

TechCrunch reports that the person behind the hack goes by the handle “Kirk,” who used an internal Twitter tool to reset the associated email addresses of affected accounts to make it difficult for an owner to reset their password. Kirk was initially trying to sell stolen vanity usernames but moved onto hijacking the accounts.

Twitter said it was investigating “what other malicious activity they [the hackers] may have conducted or information they may have accessed.”

The incident is a disaster for Twitter’s reputation. The company has come under fire for its slow response, and the fact that many impacted accounts used 2FA leaves questions over the security of a platform used by President Trump.

Permalink to story.

 

Angga B

Posts: 72   +73
Those internal twitter employees/engineers are too busy policing social political message in their platform rather than doing their actual engineering works.On the other hand this level of infiltration could only be mean that so many if not all million/billion accounts as already compromised.

Better change your password today peepz, or better, completely leave them altogether. Which sounds appropriate, you know, to let these employees/engineers focus on their sociopolitical activism unihindered with actual works of technically operating the platform.
 

QuantumPhysics

Posts: 3,044   +2,860
Despite a global pandemic, the government printing TRILLIONS in new money, cost-of-living inflation, recession and the HALVING, bitcoin still can’t manage to stay at $10,000 or more.

It’s currently trading under $9200.

My belief is that these recent hackings of bitcoin will be the final nails in its long-term coffin because more government regulation and intervention will continue to keep it suppressed.

My belief is the government(s) wants to keep the price of Bitcoin under $10,000
 

LeroN

Posts: 103   +50
Actually it's not so difficult to get access to social network accounts. Hackers impersonate their services and push people changing password on fishing websites. But Web hosting companies do nothing to stop it. I tried to fight with that the last month but most of them ignore fraud reports and do it under such weird conditions like sending my information to a "compromised" account's owner. Or report forms have no sense like asking for the abusive page while spam emails are sent via a local server. Absolutely none worries because no penalties for that and no control. I give up.
 

Mister_K

Posts: 1,917   +610
Those internal twitter employees/engineers are too busy policing social political message in their platform rather than doing their actual engineering works.On the other hand this level of infiltration could only be mean that so many if not all million/billion accounts as already compromised.

Better change your password today peepz, or better, completely leave them altogether. Which sounds appropriate, you know, to let these employees/engineers focus on their sociopolitical activism unihindered with actual works of technically operating the platform.
The chances that this is an internal Twitter problem are extremely low. With 2FA, decent varied password and social media managers who run the accounts that are not suseptible to social engineering hacks you have nothing to worry about.

Password breaches happen but this is most likely not the one.

Twitter is however a disease and so is Facebook and pretty much every other social site. Although Instagram has good uses for things you actually care about and YouTube is just amazing (ex the algorithms and ****ing over content creators).
 
  • Like
Reactions: wiyosaya

wiyosaya

Posts: 5,321   +3,424
Actually it's not so difficult to get access to social network accounts. Hackers impersonate their services and push people changing password on fishing websites. But Web hosting companies do nothing to stop it. I tried to fight with that the last month but most of them ignore fraud reports and do it under such weird conditions like sending my information to a "compromised" account's owner. Or report forms have no sense like asking for the abusive page while spam emails are sent via a local server. Absolutely none worries because no penalties for that and no control. I give up.
It sounds very similar to what happened to me last year when I attempted to report a similar case to crApazon. I use sneakemail.com and thus my crApazon e-mail address is unique. I forget exactly what happened, but I reported it to crApazon. All I got back from them was typical crApazon hubris along the lines of "yeah, right." About a month or two later, I read reports of a crApazon hack.

Despite what our fellow TS user above says about engineers being too busy policing, I think its a case of "social media" sites that do not GAF about anything other than profit and fail to aggressively try to hack their own systems in order to uncover vulnerabilities like this.

Twitter is however a disease and so is Facebook and pretty much every other social site. Although Instagram has good uses for things you actually care about and YouTube is just amazing (ex the algorithms and ****ing over content creators).
Maybe they will start listing that disease in the ICD code document sometime in the future. Social Media Disease sounds about right to me. :laughing:

utub does have some excellent fix it videos, however, there is certainly quite a bit of garbage on utub.
 

AfraidOfTheWind

Posts: 14   +5
Ok, one of the biggest breaches in history and I'm supposed to believe this was about collecting a pittance in bitcoin? Nah man, the real treasure is information.

At this point we need to assume that anything stored digitally is or will become public. Careful folks.
 
  • Like
Reactions: wiyosaya

Dimitrios

Posts: 657   +470
Those internal twitter employees/engineers are too busy policing social political message in their platform rather than doing their actual engineering works.On the other hand this level of infiltration could only be mean that so many if not all million/billion accounts as already compromised.

Better change your password today peepz, or better, completely leave them altogether. Which sounds appropriate, you know, to let these employees/engineers focus on their sociopolitical activism unihindered with actual works of technically operating the platform.
Well said!!!!!!!!!!!!!! You win best comment for the year!
 

candle_86

Posts: 412   +304
Ok, one of the biggest breaches in history and I'm supposed to believe this was about collecting a pittance in bitcoin? Nah man, the real treasure is information.

At this point we need to assume that anything stored digitally is or will become public. Careful folks.
Anyone that doesn't realize this already an *****
 
  • Like
Reactions: wiyosaya

bluetooth fairy

Posts: 147   +92
Do you think, it is rather attempt to discredit the platform (used by the pres) than plain hacking? I bet Kirk raised more $ on Musk's twitter account. Because who in their mind would believe in such an activity of an ex-gov officials? I'd also choose different wallets and more creative approach for messages. Just to make it look different, to ensure more people clicking on it.
 
Last edited:
  • Like
Reactions: Charles Olson