Twitter accounts of personalities (Barack Obama, Bill Gates, Elon Musk, Jeff Bezos, Joe Biden, Mike Bloomberg, Warren Buffett, etc.), large American companies (Apple, Uber, etc.) and platforms specializing in bitcoin (Coindesk, Coinbase, Binance) were victims of a massive hack on the social network, Wednesday, July 15. Fraudulent tweets were published on these certified accounts, before being quickly deleted.
Nearly 116,000 dollars paid in bitcoins, Twitter accounts blocked
Twitter were invited to send bitcoins to addresses mentioned in the tweets. In exchange, the pirate promised to send double the amount announced.
Un piratage massif de comptes Twitter vérifiés est en cours.
La liste (qui s’allonge) est démente : Barack Obama, Bill Gates, Elon Musk, Joe Biden, Warren Buffett, Kanye West, Jeff Bezos…
Les enjeux sont vertigineux. C’est le plus gros hack de Twitter de l’histoire. pic.twitter.com/fkEzkx3D8D
— François d’Estais (@fdestais) July 15, 2020
The specialized site Blockchain.com, which records transactions made in cryptocurrency, announced that nearly $ 116,000 (12.58 bitcoins) were paid to some of the addresses mentioned.
An internal Twitter survey
In a thread published overnight Wednesday through Thursday, the @TwitterSupport account explained that it was the victim of a ” social engineering attack coordinated by people who managed to target some of our employees with access to internal systems and tools. “.
The social network, which launched an internal investigation, then said: “ We know they used this access to take control of a lot of high-profile accounts (some of which are certified) to tweet on their behalf. (…) As soon as we learned of this incident, we immediately locked the affected accounts and deleted the tweets posted by the hackers ”.
Many temporarily blocked verified accounts
Measures were also taken within the company ” to limit access to internal systems and tools while the investigation continues .” Among the actions taken, Twitter limited the functionality of its platform to a larger group of accounts, beyond the profiles targeted by the attack. Thus, many certified user accounts were blocked for several hours, preventing them from posting or accessing the content of their profile.
Jack Dorsey, CEO and co-founder of Twitter, wanted to speak on the situation:
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
Suspicions of internal complicity
According to elements collected by the Motherboard site, the hackers would have had access to an internal control panel on the social network. This is how they were able to change the email address associated with the affected accounts to gain control. ” We used a representative who literally did the work for us, ” said a source cited by the American site. Another source assures that the accomplice within Twitter was paid by the authors of the hack.
If Twitter has already been the victim of targeted attacks in the past, as in March 2017 where a large number of certified accounts had been targeted (Amnesty International, the French Ministry of the Economy or the BBC North America), this last episode has become even more important. Just over three months before the presidential elections in the United States, he also raises the question of cybersecurity, which should be one of the main subjects of the debate between the candidates.