High-profile Twitter accounts hijacked in crypto scam

Read time 4min 30sec
Jack Dorsey, Twitter chief executive officer.
Jack Dorsey, Twitter chief executive officer.

Social media platform Twitter has been hit by a massive social engineering attack targeting top users such as US presidential candidate Joe Biden, Tesla CEO Elon Musk, former US president Barack Obama, and reality TV star Kim Kardashian.

The attackers also hijacked the accounts of Microsoft founder Bill Gates, Uber and Apple, among others, with the hackers demanding to be paid in crypto-currency.

The popular social media platform has confirmed the hackers compromised high-profile accounts after gaining access to its internal tools.

In a series of tweets, the microblogging platform says the investigation into the hack is ongoing.

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” says Twitter.

“We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

“Once we became aware of the incident, we immediately locked down the affected accounts and removed tweets posted by the attackers.

“We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.”

Twitter says this was disruptive, but it was an important step to reduce risk.

“Most functionality has been restored but we may take further actions and will update you if we do.

“We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.”

Twitter says it has taken significant steps to limit access to internal systems and tools while the investigation is ongoing.

Following the hack, Jack Dorsey, Twitter chief executive officer, tweeted: “Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”

Commenting on the attack, Ilia Kolochenko, founder and CEO of Web security company ImmuniWeb, says this incident is truly unusual due to the audacity and creativity of the attackers.

“The scale of the reported attack and the diversity of the victims unambiguously point out that Twitter, or one of its key suppliers, has likely been breached by the attackers,” Kolochenko says.

“We may seek other commonalities among the mushrooming victims, like a shared social media management company that may have been breached, but the chances are considerably lower of this being the cause of the attack,” he notes.

In both cases, Kolochenko adds, “if the attackers got access and managed to steal Twitter’s databases, and are not just opportunistically exploiting an unknown authentication bypass flaw in one of its systems, millions of users and enterprises are at critical risk of highly sophisticated phishing, ransomware, identity theft and many other attacks for the next few years.

“This attack is unprecedentedly smart and coordinated. This incident highlights the extreme fragility of the modern information space. In a similar disinformation campaign, nation-state actors may simply announce a military or nuclear incident and provoke national havoc, or spread fake news about a rival business to ruin its stock price and then purchase it for pennies.

“We expect Twitter to gradually share information about the investigation, and a detailed forensic report about the root causes of the incident.”

Dmitry Bestuzhev, cyber security expert at Kaspersky Lab, comments: “This major scam flags the fact that we are living in the era when even people with computer skills might be lured into a scammer’s trap, and even the most secure accounts can be hacked.”

According to Kaspersky’s current estimates, at least 367 users have transferred around $120 000 in total to the attackers.

“Cyber security is undoubtedly one of the top priorities of all major social media platforms, and they put efforts into preventing many attacks every day,” comments Bestuzhev.

However, he notes, neither Web site nor software is entirely immune to bugs, nor is the human factor immune to mistakes.

“Therefore, any native platforms might be compromised. Today we see how, along with new attack vectors, scams combine old and effective techniques, to use a surprise element and gain people’s trust to facilitate the attack and lure victims into a trap. For instance, it might be a mixture of supply chain attacks with social engineering. In addition, the threat actors might gain access to the victim’s account in other ways: for instance, it can be penetrating a third-party app with access to the user’s profile, or the user’s password might be brute-forced,” he concludes.

See also