The company confirmed the attack Wednesday evening, more than six hours after the hack began, and attributed it to a “coordinated social engineering attack” on its own employees that enabled the hackers to access “internal systems and tools”. Twitter said it was “looking into what other malicious activity they may have conducted or information they may have accessed” in addition to using the compromised accounts to send tweets.
To contain the attack at an early stage, Twitter imposed a short-term “restriction on tweeting”, a rare move for the company. It later restored most accounts but warned that it “may take further actions”. The company said that it had also locked the compromised accounts and “taken steps to limit access to internal systems and tools” while it continues its investigation.
The compromised accounts, which have tens of millions of followers, sent a series of tweets promoting a classic bitcoin scam: followers were told that if they transferred cryptocurrency to a specific bitcoin wallet, they would receive double the money in return. Twitter said it is looking thoroughly into the possible hacking of the accounts of U.S. presidential candidate John Biden and others. Other hacked accounts include those of Kanye West, Michael Bloomberg, Uber, and a number of cryptocurrency exchanges and organizations.
The messages included the address of a bitcoin wallet whose balance grew rapidly to more than 11 BTC (more than $100,000) as the scam spread. Tweets with similar messages were repeatedly deleted and re-posted. Tweets from verified accounts, including those of Apple and Biden, displayed the message: “I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send you back $2,000. Only doing this for 30 minutes. Bciqxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh. Enjoy!”
While the motives and source of the attack are not yet known, the coordinated hijacking of the verified accounts of the world’s prominent leaders and organizations poses a significant threat to the highly confidential and important data of these individuals and tech giants. Twitter is widely used for official communications by governments during emergencies; a hack on the scale of Wednesday’s attack could have been more disruptive or even dangerous.
“The amount of damage this could cause is very high,” said Douglas Schmidt, a computer science professor at Vanderbilt University. “These people could hold information gleaned from the hack for ransom in the future.” Twitter issued its first statement approximately 90 minutes after scam messages began being sent out by Musk’s and Gates’ accounts, as the attack was ongoing. “We are aware of a security incident impacting accounts on Twitter,” the company said on Twitter. “We are investigating and taking steps to fix it. We will update everyone shortly.”
Twitter’s stock price plummeted more than 3% in after-hours trading. “Tough day for us at Twitter,” chief executive Jack Dorsey tweeted on Wednesday evening. “We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” This is not the first time high-profile figures have suffered Twitter hacks. Dorsey himself was the victim of a SIM swap attack in 2019.
But Twitter’s description of the attack suggests a much more serious breach of the company’s internal systems, carried out by tricking or otherwise persuading an employee to provide access. It is not the first time Twitter has faced an insider threat. In 2017, a customer support employee briefly deleted Donald Trump’s account. And in 2019, two former employees were charged with spying after they allegedly accessed thousands of users’ account information and provided it to the government of Saudi Arabia. Schmidt said that the attacks could be related to the fact that Twitter, like much of the rest of the tech industry, has transitioned to remote work during the coronavirus pandemic.
By Vivek Badoni
Member, Reporters’ Committee