Twitter has announced that its own management tools have been used to take over the accounts of dozens of celebrities, politicians, and billionaires in a reported "inside job," one of the biggest social media breaches in history.
"Hard day for us on Twitter. We all feel terrible that this has happened," Twitter CEO Jack Dorsey tweeted, promising to share information about the breach as it became available.
The attack took place on Wednesday evening. Those reported affected included presidential candidate Joe Biden, Elon Musk, Jeff Bezos, Bill Gates, Kanye West, and Kim Kardashian West.
Former President Barack Obama, the most popular Twitter account with more than 120 million followers, was targeted, as were the corporate accounts of Apple and Uber.
In an urgent response to the breach, Twitter took the extraordinary step of temporarily blocking all verified accounts from tweeting. The company's shares fell almost 4 percent in after-hours trading.
"While account takeovers are commonplace, this appears to be an unprecedented compromise," Brett Callow, threat analyst at cyber security firm Emsisoft, told DailyMail.com about the breach.
Former President Barack Obama, the most popular account on Twitter with more than 120 million followers, was attacked by hackers who posted a Bitcoin scam on his account
Late Wednesday, Twitter announced that some of its employees with access to internal systems had been affected by a “coordinated social engineering attack”. This term usually refers to the use of psychological manipulation to gain access to restricted systems.
According to Motherboard, two people said they paid a Twitter insider to carry out the attack for them.
"We used a representative who literally did all the work for us," one of the people told the publication.
"We are aware of a security incident that affects accounts on Twitter. We are investigating and taking steps to resolve the issue. We will update everyone shortly," the company said in a public statement.
"You may not be able to tweet or reset your password while we review and resolve this," the company added in an update.
More than an hour after the first wave of hacks, Twitter prevented at least some verified accounts from posting messages altogether.
According to Neil Walsh, head of the UN Cybercrime Department, the ban has been extended to all verified accounts worldwide. This was an unprecedented step that closed an important platform for fast communication.
Verified users include celebrities and journalists, but also governments, politicians and heads of state.
On Wednesday, Twitter users with verified accounts saw this message for several hours while trying to post a tweet because the site had locked all checkmarked accounts as a precaution
Twitter stock fell nearly 4% in after-hours trading as the company froze verified accounts
Although individual Twitter accounts have been briefly hacked with stolen passwords in the past, the scale of the attack on Wednesday was unprecedented.
"This seems to be the worst hack of a major social media platform to date," said Dmitri Alperovitch, co-founder of CrowdStrike, a cyber security company.
Other political figures affected by the attack included Alexandria Ocasio-Cortez and former Democratic presidential candidate Mike Bloomberg.
All of the politicians affected by the breach appeared to be Democrats.
Biden's campaign was in contact with Twitter, according to a person familiar with the matter. The person said the company "blocked the Democrat's account and removed the related tweet immediately after the violation."
President Donald Trump's re-election campaign was hit by the breach, and campaign spokesman Tim Murtaugh ridiculed the fraud message as similar to Biden's political proposals.
"I've seen creative ways to disguise a tax hike, but that takes the cake," Murtaugh tweeted. "Hacked account or not, this is a perfect metaphor for Biden's pitch to taxpayers: 'Give me your money!'"
The fraudulent tweets all followed a similar formula, instructing potential victims to send Bitcoin to the same anonymous wallet.
"I'm giving something back to my community because of COVID-19!" read the scam tweet posted to Obama's account.
"All Bitcoin sent to my address below will be returned twice. If you send $1,000, I will send back $2,000!" the fake message continued.
The message shared on Bezos' account states that he "only makes a maximum of $50,000,000."
A scam tweet surfaced on Elon Musk's Twitter account at around 4:30 p.m. ET on Wednesday
Jeff Bezos, CEO of Amazon, was also one of the victims of the Bitcoin scam
Most of the fraudulent tweets disappeared within minutes of first being posted, suggesting that Twitter administrators were fighting the attacker head-on.
Although many users recognized the gesture as the ploy of a cyber criminal, others replied that they had sent money to the specified account.
Many Twitter users posted screenshots of receipts for Bitcoin transfers to the fraudulent wallet, claiming they were cheated before they realized it was a scam.
Publicly available blockchain records show that the apparent fraudsters have already received cryptocurrency worth over $100,000, with the amount still growing.
Several Twitter users said they fell for the scam and sent Bitcoin
Some experts said the incident raised questions about Twitter's cybersecurity.
"It is clear that the company is not doing enough to protect itself," said Oren Falkowitz, former CEO of Area 1 Security.
Alperovitch, who now chairs the Silverado Policy Accelerator, said the public had, in a way, dodged a bullet so far.
"We are fortunate that given the ability to send tweets from the accounts of many famous people, hackers only cheated bitcoins worth around $110,000 from around 300 people," he said.