Twitter suffered what seems to be one of the biggest hacks the platform has ever seen on Wednesday, July 15th. Accounts of several well-known companies and personalities were hijacked for a bitcoin scam. It included accounts of Apple, Elon Musk, Bill Gates, Barack Obama, Jeff Bezos, Kanye West, among others. The hacker behind the Twitter hack reportedly gained access to a Twitter “admin” tool on the company’s network, which allowed them to take control of high-profile Twitter accounts, TechCrunch reports.
Once these accounts were compromised, the hacker was able to send out a tweet that read something along the lines of, “Feeling grateful doubling all payments sent to my BTC address! You send $1,000, I send back $2,000! Only doing this for the next 30 minutes,”. The tweet included a bitcoin address, which is presumed to be of the hacker’s. Once Twitter realised what was going on, it began limiting tweets. “We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.” As of a few hours ago, Twitter said most verified accounts would be able to tweet again.
Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We’re working to get things back to normal as quickly as possible.— Twitter Support (@TwitterSupport) July 16, 2020
The cryptocurrency scam tweet that was posted on several high-profile accounts was taken down soon enough, but the hacker was reportedly able to make over $100,000 within hours of the hack. We still don’t know whether this was the work of an individual hacker or a group of hackers. According to a report by Motherboard, there are a number of underground hacking circles that have been sharing screenshots of an internal Twitter administration tool that was used to hack the accounts of famous personalities.
Twitter began investigating the incident and detailed what it was able to find in its preliminary research. The platform says that the hack was “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
Our investigation is still ongoing but here’s what we know so far:— Twitter Support (@TwitterSupport) July 16, 2020
Once Twitter was aware of the hack, it locked down the affected accounts and removed the tweets posted by the attackers. Twitter also temporarily limited functionality of verified accounts. The company says it will restore access once it has verified that it is secure to do so. Twitter also said that it has taken steps to limit access to internal systems and tools.