Billionaires Elon Musk, Jeff Bezos and Bill Gates were among many prominent US figures targeted in a Twitter hack. Barack Obama, Joe Biden and Kanye West were also targeted in the Bitcoin scam with donations requested from their accounts.
“Everyone is asking me to give back,” a tweet from Mr Gates’ account said. “You send $1,000, I send you back $2,000.” Twitter said it was a co-ordinated attack targeting its employees “with access to internal systems and tools”.
The accounts, which between them have hundreds of millions of followers, posted scam links and messages directing people to send bitcoin to particular wallets, with the promise that donations would be matched. Twitter eventually suspended all tweeting from verified accounts. Shares fell 4pc in after-hours trading.
The attack started on Wednesday evening (July 15th, 2020) when hackers gained access to a number of high-profile accounts in what was described as a “coordinated social engineering attack”, and posted scam links from their accounts, with messages suggesting people could double their money if they put cash into a bitcoin wallet.
“We know they [the hackers] used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” the company said in a series of tweets. It added that “significant steps” were taken to limit access to such internal systems and tools while the company’s investigation was ongoing.
Meanwhile, Twitter chief executive Jack Dorsey tweeted: “Tough day for us at Twitter. We all feel terrible this happened.”
Says Alex Bransome, Chief Information Security Officer at Doherty Associates, experts in managing and securing cloud services:
“This was clearly a targeted and co-ordinated attack on Twitter in which hackers were able to gain access to highly privileged, internal tools. These tools, usually used to administer Twitter’s systems by authorised staff, in the hands of the attackers, allowed them to take control of high-profile accounts.
“The attack appears to have begun with sophisticated social engineering. Social engineering is still the most common tool in the attacker’s arsenal, used to gain access into an organisation’s systems.
“It is another clear example of how we as humans are still the weakest link in the security chain. Whether that is via a malicious insider leaking sensitive information to an adversary, or clicking a link in a phishing email, it is critical this area is sufficiently covered in our security programs.”