A number of high-profile Twitter accounts were simultaneously hacked on Wednesday, July 15, 2020, by attackers to spread a cryptocurrency scam.

Billionaires Elon Musk, Jeff Bezos and Bill Gates are among many prominent US figures targeted by hackers on Twitter in an apparent Bitcoin scam. The official accounts of Barack Obama, Joe Biden and Kanye West also requested donations in the cryptocurrency.

At this time, Twitter believes attackers targeted certain Twitter employees through a social engineering scheme. The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through their two-factor protections.

Twitter wrote in a blog post that attacker had accessed tools only available to their internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.

We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames.

Twitter wrote in a blog post

For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. This is a tool that is meant to provide an account owner with a summary of their Twitter account details and activity.

The blog post read :

READ
Hyundai’s Global Sales Fall 3.7 Percent in November as Demand Wanes

We became aware of the attackers’ action on Wednesday and moved quickly to lock down and regain control of the compromised accounts. Our incident response team secured and revoked access to internal systems to prevent the attackers from further accessing our systems or the individual accounts. As mentioned above, we are deliberately limiting the detail we share on our remediation steps at this time to protect their effectiveness and will provide more technical details, where possible, in the future.

In addition to our efforts behind the scenes, shortly after we became aware of the ongoing situation, we took preemptive measures to restrict functionality for many accounts on Twitter – this included things like preventing them from Tweeting or changing passwords. We did this to prevent the attackers from further spreading their scam as well as to prevent them from being able to take control of any additional accounts while we were investigating. We also locked accounts where a password had been recently changed out of an abundance of caution. Late on Wednesday, we were able to return Tweeting functionality to many accounts, and as of today, have restored most of the accounts that were locked pending password changes for their owners.”

Twitter said that they are continuing their investigation of this incident, working with law enforcement, and determining longer-term actions they should take to improve the security of the systems.

READ
Tor Project Urges Volunteers to Deploy WebTunnel Bridges to Combat Escalating Censorship

What The Attackers Accessed ?

For the 130 accounts that were targeted, here is what Twitter know as of today.

  • Attackers were not able to view previous account passwords, as those are not stored in plain text or available through the tools used in the attack.
  • Attackers were able to view personal information including email addresses and phone numbers, which are displayed to some users of our internal support tools.
  • In cases where an account was taken over by the attacker, they may have been able to view additional information.

We’re acutely aware of our responsibilities to the people who use our service and to society more generally. We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice. We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right.”

Twitter previously confirmed that its own internal employee tools were used to facilitate the account takeovers, and suspected that its employees had fallen for a social engineering scam — now, the company is going further to say definitively that the attackers “successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.”

READ
Spotify Now Supports Google’s Gemini Extensions for Voice-Controlled Music Search