Multiple Twitter accounts were compromised yesterday as part of a cryptocurrency scam, including the official Apple profile, Elon Musk, Bill Gates, Barack Obama, and other high-profile accounts. While Twitter claims there’s no evidence that passwords were stolen, a new report says the account hijacking was planned with the help of a company employee.
Hackers posted tweets on the affected accounts asking followers to send Bitcoin to an unknown account. “All Bitcoin sent to our address below will be sent back to you doubled,” said the message. The action lasted about an hour until Twitter locked verified accounts, which were the main target of the invaders.
According to a report from Motherboard, hackers paid a Twitter employee to gain access to accounts through an internal control panel of the social network.
This tool allows Twitter employees to change personal data for each account, such as the associated email address. Thanks to this control panel, the invaders were able to change the email addresses of specific accounts in order to gain access to them.
Twitter later confirmed that some of its employees had collaborated with the attack.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Support (@Support) July 16, 2020
However, the company denies that any passwords have been leaked, arguing that users don’t need to change their passwords to keep the account safe. There’s no word on whether hackers have also obtained access to DMs from Twitter accounts, since private messages aren’t encrypted. Jack Dorsey, CEO of Twitter, promised end-to-end encrypted DMs in 2018, but that hasn’t been implemented yet.
Twitter told TechCrunch that affected people and companies will soon regain access to their accounts. Over $100,000 were transferred to the cryptocurrency wallet during the account hijacking, and now the FBI is investigating the case.
The company is yet to give more information about the incident as potential security breaches are still being investigated. Twitter stocks (TWTR) have fallen nearly 4% since yesterday’s attack, closing today at $35.20.
FTC: We use income earning auto affiliate links. More.
Comments