If Twitter seemed a little odd when you signed in today, you’re not wrong. On Wednesday evening, a massive security breach targeted the accounts of high-profile verified users such as Apple, Elon Musk, Barack Obama, Joe Biden, and many others with millions of followers. The hack had all these accounts tweet about a bitcoin scam, telling followers that for half an hour only they would be giving back $2,000 for every $1,000 they receive. Since these were verified accounts of public figures and companies, users didn’t suspect it was a scam at first and rushed to send money. Although Twitter quickly identified the malicious link and pulled it offline, it was enough for the scammers to make a lot of money from online transactions. The breached accounts shared multiple bitcoin wallet addresses, which made tracking even more difficult.
The Twitter hack targeted some of the most influential users on the platform, such as YouTuber MrBeast, Bill Gates, Kim Kardashian, Warren Buffett, and Elon Musk. Company accounts were also breached: Apple, Uber, Wendy’s, and many others. Also concerning was that the accounts of presidential candidate Joe Biden and former president Barack Obama shared the same message. Most of these accounts had two-step authentication turned on, which led Twitter to believe that the attack was made possible by access to the company’s own tools and employee privileges.
In a multi-tweet explainer, Twitter said it suspected that the breach was an advanced social engineering attack that involved multiple people and that it wouldn’t have been possible without access to the company’s tools. We don’t know yet what these tools are, but a Motherboard report speculates that hackers paid a Twitter employee to reset all the email accounts linked to those Twitter profiles and then recover the passwords. If this is the case, Twitter could come under fire for its security practices, especially considering that many of these accounts, such as those of political figures, may have had sensitive information on them.
Following the breach, Twitter decided to restrict verified accounts from posting, and even after a few hours the functionality came and went as Twitter tried to fix the issue. The company is currently investigating the hack.
Although it’s not the first time a Twitter account has been hacked, it’s the first time that so many verified accounts have been hacked at the same time. Since the message was shared by Apple (which is known for its extensive security practices), political figures, MrBeast (who regularly does this kind of giveaway), and public figures in general with millions of followers, it was enough for many people to consider the tweet legitimate and send their money. The tweets were deleted within minutes, but some sent as much as $100,000 to the BTC addresses, and catching the hackers behind this will be very difficult.