Posted on July 16, 2020 at 12:57 PM
“We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly,” was a message that millions of Twitter users saw some eight hours ago. It was published by Twitter Support, and later retweeted by the company’s CEO, Jack Dorsey, among others.
But what actually happened?
As mentioned, it has been over 8 hours since the initial warning, and Twitter Support has shared some information, alongside many others who provided their input. Here is what we have managed to gather so far.
Twitter was hacked as part of a cryptocurrency scam
From what is known so far, on July 15th, 2020, Twitter suffered a massive hacking attack that simultaneously took over multiple accounts, many of which were verified. Twitter Support itself revealed this in one of their update tweets.
They also said that the attackers tweeted on behalf of the hacked accounts. While this was rather easy to spot, the company is also concerned that the attackers may have done more during their takeover of the platform.
Fueled by these concerns, they continue to investigate in an attempt to find if there were other malicious activities.
As for the hacked accounts, Twitter immediately took action to lock them down, and remove the scammers’ tweets.
However, it is known that many well-known individuals with millions of followers were hacked, including the likes of the former US President, Barack Obama, Amazon CEO Jeff Bezos, Uber and Apple corporate accounts, Bill Gates, Joe Biden, pop star Kanye West, Kim Kardashian, Warren Buffett, YouTube star MrBeast, and even Tesla and SpaceX CEO, Elon Musk, among others.
As mentioned, the tweets posted by the attackers were removed shortly after they were posted. However, some Twitter users managed to take screenshots that show exactly what this attack was about.
As those screenshots show, the hack was part of yet another cryptocurrency scam. The scammers hacked many wealthy individuals in an attempt to trick people out of their cryptocurrency, specifically Bitcoin.
They used the hacked accounts, such as the one owned by Elon Musk, to tweet a false offer in Musk’s name. The fake offer reads:
“Feeling grateful, doubling all payments sent to my BTC address. You send $1,000, I send back $2,000! Only doing this for the next 30 minutes.”
The attackers set a rather short window of opportunity in order to create a sense of panic and urgency among Musk’s followers who happen to be Bitcoin users. With a chance to make a considerable profit, many were likely tempted to take the deal.
The attackers also conveniently posted their wallet address as part of the tweet, so that people would know where to send their coins. Naturally, no ‘double payment’ was sent back, and since crypto transactions are irreversible, anyone who may have sent the money is unlikely to ever get it back.
While this was an example of what Elon Musk’s tweet looked like, other affected accounts posted rather similar offers. Joe Biden’s tweet, deleted in the meantime, said “I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes.”
Twitter’s slow reaction
As mentioned, Twitter Support claims to have taken action immediately, although many Twitter users stated that the attack had been taking place for over an hour before Twitter Support even knew about it.
Another user said that it took Twitter three hours from the first big compromised account’s Bitcoin offer until Twitter’s initial warning.
But Twitter did take action eventually, and it notified users that the incident was under investigation. In the meantime, many may have found themselves unable to reset their passwords, or even to tweet.
The limitation remained for some time, but was eventually lifted, as the company worked on the fix.
Finally, around four hours after the initial warning, Twitter provided more details about what happened.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” Twitter Support explained.
While the support team believed that it was successful in pinning down which accounts were breached, they also limited functionality for a much larger group of accounts. That included all verified accounts, even if they had nothing to do with the attack, just to be safe, and to cover all bases.
For now, most of the compromised accounts remain under lockdown, and Twitter said that it plans to return them to their owners once the company is sure that it can do so securely.
Twitter CEO, Jack Dorsey, also addressed the incident, as mentioned. He noted that this was a tough day for people at Twitter, and that everyone in the company feels terrible this happened.
Meanwhile, another thing that was apparently discovered by the community is that Twitter admins have some additional options, including “Search Blacklist” and “Trends Blacklist,” among others.
This was revealed in certain screenshots that were posted by admins who updated the community about the current situation. It was not long before accusations of censorship started to emerge, as various users requested an explanation for such options.
Scamming Bitcoin users
The event is undoubtedly going to be remembered as a major scam of Bitcoin users, especially since people seem to have sent over $118,000 in BTC to the attackers during the first hours of the attack.
Also, since attackers got access to numerous accounts, there is no telling what kind of sensitive information they may have managed to collect from direct messages of affected users.
The scale of the attack, as well as its speed, is another highly concerning thing. This might raise national security concerns to an even higher level.
The FBI’s San Francisco field office said that the Bureau is aware of the security incident, advising the public not to fall victim to the scam and to not send cryptocurrency or money to anyone in regard to the incident.
Who is responsible?
Of course, one of the biggest questions right now is — who did it, and how did they do it?
For now, unfortunately, nobody seems to have an answer. If Twitter itself knows, it has not shared the identity of the attackers. As for how they did it, the company already gave an answer.
The company said that this was a ‘coordinated social engineering attack by people who successfully targeted some of our employees,’ which indicates that this may have been the result of a spear-phishing attack.
On the positive side, Twitter has taken the incident as an opportunity to learn of its own weak spots. It tweeted: “This was disruptive, but it was an important step to reduce risk.”
Of course, this likely means little to all those who were tricked into sending their coins to the attackers. In fact, this has caused quite an angry reaction among some of the users, who even demanded that Twitter ‘fires its entire staff and bring on board people who understand community concerns when they email it about it.’
The investigation continues
For now, a lot of the questions remain unanswered. The identity of the attackers remains unknown, and so do their motives. Was this another Bitcoin scam-related hack, or is there an ulterior motive? Will people who were tricked get any kind of compensation for their losses? Was this just an attempt to steal some BTC, or to manipulate its price?
For now, nobody knows. What is known is that this will likely be remembered as the most catastrophic security breach in Twitter’s history, at least so far.
Some have even suggested that this attack actually started a long time ago, when scammers started impersonating popular individuals, like Elon Musk. Musk is known for his occasional cryptocurrency mentions, and every time he mentioned Bitcoin or some other coin, the tweets caused significant price movement.
The same happened this time, and the Bitcoin price saw a sudden drop, from $9,202 to $9,145. The price seems to have started its recovery, so it wasn’t a huge drop, considering the scale of the attack. However, it did cause BTC to break a very important support level, which may lead to further drops in the short term.