High-profile individuals such as Joe Biden, Elon Musk, Jeff Bezos and other Twitter account users were targeted in a widespread hack to offer fake bitcoin deals on Wednesday in one of the most unprecedented security breaches on a social media site.
It wasn't just Biden, Musk or Bezos who were targeted: the accounts of former US President Barack Obama, Microsoft co-founder Bill Gates, musician Kanye West and both Uber and Apple also posted similar tweets, all asking people to send cryptocurrency to the same bitcoin address.
The tweets were taken down throughout the afternoon, shortly after being posted.
Hacks of high-profile individual accounts on Twitter have happened before, including that of Twitter CEO Jack Dorsey, whose account was targeted in 2019, but the widespread nature of this attack suggested an unusually massive operation involving internal controls.
While it was not exactly clear how the attacks originated or why they went on for hours, some cybersecurity experts speculated that someone may have gained access to internal Twitter controls that allowed them to take over and post on the accounts. “This is massive,” said cybersecurity expert Rachel Tobac, the CEO of SocialProof Security. “This is most likely the largest attack I’ve ever seen. We are extremely lucky that these attackers are monetarily motivated and not sowing mass chaos all over the world.”
It wasn't just Twitter accounts that were targeted; the attack also partially shut down the network.
Twitter said in a tweet on Wednesday afternoon that some users weren’t able to tweet while it was addressing the problem. Users with the check mark indicating that their accounts were verified by Twitter reported that they weren’t able to tweet.
Twitter started letting verified accounts tweet again Wednesday night but warned the “functionality may come and go” as it worked on a fix to the breach.
Later the same night, Dorsey tweeted that the company was “diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” He called it a “tough day” at Twitter. Twitter said in a later tweet that it “detected a coordinated attack by people who successfully targeted some of our employees with access to internal systems and tools.”
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely. — Twitter Support (@TwitterSupport) July 16, 2020
Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues. — Twitter Support (@TwitterSupport) July 16, 2020
Cybersecurity experts warned that this will create major hurdles for Twitter and make it more challenging going forward to verify the authenticity of messages on the service. That could have wide-reaching implications for politicians, celebrities and brands that use Twitter as an essential channel for communication. “The problem is that we all rely on Twitter as this public space that is safe and secure, and we know that the tweets that someone like a Joe Biden is sending out are authentic,” said Harper Reed, an entrepreneur who served as the 2012 Obama campaign’s chief technology officer. “Twitter has proven to us that may not be true.”
President Trump is an avid user of the platform, frequently tweeting his views to more than 83 million followers. Trump’s Twitter account was taken down for 11 minutes in 2017 by a departing employee of the company.
After the incident, Twitter tweeted that it had “implemented safeguards to prevent this from happening again.”
Cybersecurity experts warned that this type of breach, where influential accounts are taken over, could have devastating effects if used for something more dangerous than taking money from unsuspecting users. The consequences could be greater if it involved an account like Trump’s or spread misinformation on some type of global security threat. Disinformation expert Clint Watts compared it to a 2013 incident in which hackers took control of the Associated Press Twitter account and falsely tweeted that the White House was under attack. That caused a brief nosedive in the stock market that quickly corrected once the hoax was exposed.
If U.S. adversaries gained similar control of a politician’s accounts on Election Day, they could wreak havoc by spreading misinformation about polling locations or phony rumors about voter fraud, he said. “Russia’s most dangerous play is how do you inflict the maximum amount of chaos on Election Day. They want to further erode confidence in democracy, and this is emblematic of a way they can do that,” he said.
The hacks Wednesday differ from another high-profile hack last year against Twitter CEO Dorsey, in which his phone number was hacked and used to send tweets via text message.
Some of the people who were hacked indicated that they had turned on two-factor authentication and were using strong passwords, which typically makes unauthorized account access much more difficult. SocialProof Security’s Tobac said one likely scenario could be that hackers gained access to the back end of Twitter’s employee administration panel, which could include access to change account passwords. This could have happened by a hacker stealing an employee’s credentials, especially if an employee didn’t have secure multifactor authentication turned on.
Early Wednesday afternoon on the West Coast, Tesla CEO Musk’s account was one of the first to tweet the scam to his nearly 37 million followers. “Feeling grateful, doubling all payments sent to my BTC address! You send $1,000, I send back $2,000! Only doing this for the next 30 minutes,” the now-deleted tweet said. His account continued to tweet similar posts as they were deleted. “This is a SCAM, DO NOT participate!” Cameron Winklevoss, a bitcoin investor and co-founder of Gemini, wrote of Musk’s tweet.
This is a SCAM, DO NOT participate! This is the same attack/takeover that other major crypto twitter accounts are experiencing. Be vigilant! Situation is ongoing. https://t.co/2k9U3PpnKm — Cameron Winklevoss (@winklevoss) July 15, 2020
Gemini’s account was hacked earlier in the day, Winklevoss tweeted, despite the account using two-factor authentication for security. Gates’s was one of the next high-profile accounts to tweet. Spokeswoman Bridgitt Arnold confirmed that the tweet was not sent by Gates and said Twitter was working to restore his account.
Meanwhile, Uber’s corporate account posted a tweet that read, “Due to Covid-19, we are giving back over $10,000,000 in Bitcoin! All payments sent to our address below will be sent back doubled.” Uber confirmed in a tweet that its account had been hacked. “Like many others, our @Uber account was hit by a scammer today. The tweet has been deleted and we’re working directly with @Twitter to figure out what happened,” the company’s communication team tweeted.
Then came a tweet from Amazon CEO and Washington Post owner Bezos’s account. “I have decided to give back to my community.” The tweet said it would be limited to $50 million.
Democratic presidential hopeful Biden was also a target of the hack, his campaign confirmed. His account tweeted out the same bitcoin wallet address. Twitter spokeswoman Aly Pavela said earlier in the day that the company was investigating the issue. The company said in a tweet it was “taking steps to fix” the security issue and would provide an update.
Representatives for Musk, Bezos and Apple did not immediately respond to requests for comment.
The bitcoin wallet the tweets pointed to appeared to receive more than $115,000. It’s unclear how much of that was driven by the hacked tweets and what may have originated from the scammers.
It’s also unclear how much information the hackers were able to cull from the accounts they compromised. If they were able to access the accounts’ direct messages they might have stolen information they could leak later to embarrass people or to sow chaos during the 2020 election or another major event, said Theresa Payton, CEO of the cybersecurity company Fortalice Solutions and a former White House technology official. This is a serious reminder of how important Internet security is, especially leading up to the election, she said. “Today should be a tsunami bell warning for all social media companies,” she said.