Twitter is experiencing a widespread security breach, resulting in a number of high profile accounts encouraging their followers to send Bitcoin to an unknown account. Twitter’s official Support account has acknowledged the breach, saying they are actively investigating the issue and working on a fix.
Hours after the hack, Twitter CEO Jack Dorsey apologised for the security breach and said that the team at Twitter was still working to understand how the hack occurred.
High-profile Twitter accounts including Barack Obama, Jeff Bezos, Elon Musk, Joe Biden, Uber and Apple have been hacked in an internal breach that is believed to be one of the largest social media attacks ever.
Hackers claimed to have paid one or more Twitter staff for access to internal systems which allowed them to hijack the accounts and post tweets asking users to send them Bitcoin.
Around 300 people were duped by the tweets, sending $118,000 to the hackers before Twitter took the tweets down and then locked all verified accounts to stop the breach spreading further. In total, the attack lasted for four hours.
Twitter has confirmed that hackers had targeted its employees in a ‘coordinated social engineering attack’, but did not give details about what that involved.
Social engineering attacks usually involve users being duped into giving out security information, or pressured into complying with a hacker.
Screenshots of what appeared to be internal Twitter systems were also circulated online after the attack; users who posted them were suspended and the image was taken down by Twitter for ‘breaching its rules’.
The image appeared to show functions available to high-level Twitter administrators, including the ability to suspend, permanently suspend, or ‘protect’ user accounts.
Other tools included a ‘trends blacklist’ and ‘search blacklist’, suggesting that Twitter is able to limit how easily an account’s tweets appear across the site.
Twitter’s support page stated:
‘We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
‘We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.
‘We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
‘Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.
‘We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.
‘This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.
‘We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.
‘Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.’
The fraudulent tweets all followed a similar formula, and directed potential victims to send bitcoin to the same anonymous wallet.
‘I am giving back to my community due to COVID-19!’ read the scam tweet posted to Obama’s account.
‘All Bitcoin sent to my address below will be sent back doubled. If you send $1,000, I will send back $2,000!’ the fake message continued.
Most of the fraudulent tweets disappeared within minutes of first being posted, suggesting that Twitter administrators were playing whack-a-mole with the attacker.
Although many users recognised the offer as the work of a cybercriminal, others replied that they had sent money to the listed address.
Many Twitter users posted screenshots of bitcoin transfer receipts to the wallet listed in the scam, saying they had sent money before realising it was a scam.
Publicly available blockchain records show that the apparent scammers have already received more than $100,000 worth of cryptocurrency, with the amount still growing.