What just happened? We've seen hackers take over verified Twitter accounts in the past, but yesterday saw an attack that was unprecedented in scale. A number of high-profile users, including Barack Obama, Joe Biden, Apple, Bill Gates, Kanye West, and Jeff Bezos, had their profiles hijacked by apparent crypto scammers. Now, Twitter says the incident was the result of a coordinated social engineering attack that targeted its employees.
The compromised accounts sent out the kind of scam messages familiar to many internet users. They began with a pledge to give back to the community, with some mentioning Covid-19, and promised that those who sent bitcoin to the included address would receive double in return.
According to public records, around $120,000 was paid into the perpetrator's wallet. Half of the senders had funds in US bitcoin exchanges, a quarter in Europe and a quarter in Asia, according to forensics company Elliptic (via Reuters). That amount could have been even higher, were it not for multiple crypto exchanges blocking payments after their Twitter accounts were hacked.
To stop more messages being sent out, Twitter locked down all of its verified users. As the accounts were able to retweet old tweets, some took to constructing messages out of single words or letters. Musician Lil Nas X used his recently created, unverified account to post messages, which were then retweeted by his locked, verified account.
I love it when people finish each other's sentences ? pic.twitter.com/LpCHZrXg2L--- alex bennetts (@alexbennetts) July 15, 2020
Many of the compromised accounts used two-factor authentication, suggesting the problem came from Twitter's end. The company later confirmed that employees with access to internal systems and tools had been targeted in coordinated social engineering attacks. The access was used to take control of the high-profile accounts.
TechCrunch reports that the person behind the hack goes by the handle "Kirk," who used an internal Twitter tool to reset the associated email addresses of affected accounts to make it difficult for an owner to reset their password. Kirk was initially trying to sell stolen vanity usernames but moved onto hijacking the accounts.
Twitter said it was investigating "what other malicious activity they [the hackers] may have conducted or information they may have accessed."
Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.--- Twitter Support (@TwitterSupport) July 16, 2020
The incident is a disaster for Twitter's reputation. The company has come under fire for its slow response, and the fact that many impacted accounts used 2FA leaves questions over the security of a platform used by President Trump.