Recently, a number of high-profile Twitter accounts were hacked in a scheme that managed to snag over $300,000 in Bitcoin from hoodwinked users. Twitter even shut down the affected accounts, blocking them from tweeting for a few hours until it could learn more about what exactly had happened.
On July 15, a collection of verified accounts including celebrities, brands, and politicians “started tweeting out a message promoting a crypto giveaway, in which funds sent to a specified bitcoin wallet would return double the amount to the sender,” according to Social Media Today.
What were some of the compromised accounts? The 130 hacked profiles included, among others:
- Kanye West
- Joe Biden
- Bill Gates
- Jeff Bezos
- Elon Musk
- Mike Bloomberg
- Barack Obama
- Warren Buffett
- Kim Kardashian
How did the hackers do it? Twitter says:
We believe attackers targeted certain Twitter employees through a social engineering scheme. […] The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.
According to Social Media Today:
[A] hacker going by the name of ‘Kirk’ was able to gain access to Twitter’s administration tools by first being added to Twitter’s internal Slack channel, where the details he needed had been posted in various exchanges. With this newfound access to Twitter’s control panel, Kirk claims to have first sought to sell usernames in the gaming community, where single letter handles (like @y, for example) are particularly popular.
After recruiting other hackers to assist in his plan, Kirk began selling usernames on Wednesday morning, with the prices for the hacked profiles quickly rising rapidly throughout the day. Given that initial success, Kirk then turned his attention to taking control of celebrity accounts, through which he eventually claims to have netted around $180k from people that had been duped by the fake messages.
Ultimately, the root cause of the breach was human error. It remains to be seen whether the hack will undermine trust in the tech giant.