Shortly after 4PM last Wednesday, the Twitter accounts of major celebrities, tech companies, and CEOs all began posting tweets promising free cryptocurrency to followers who sent Bitcoin to a specific address within the next 30 minutes. The crypto scam turned out to be part of a massive coordinated hack affecting dozens of major Twitter accounts with millions of followers, the largest security breach in the company’s history.
The hack compromised the Twitter accounts of former U.S. President Barack Obama and presidential candidate Joe Biden, billionaire tech founders and CEOs Elon Musk, Bill Gates, and Jeff Bezos, and major tech companies such as Apple and Coinbase. Overall, 130 accounts were targeted. As fears grew that Twitter itself had been fatally compromised, the company temporarily blocked verified accounts from tweeting while it assessed the damage; most of those accounts were restored a few hours later.
Judging by the balance of the Bitcoin address used in the tweets, the scammers made off with over a hundred thousand dollars within a few hours. The tweets were all variations of the same message, offering followers a chance to double their Bitcoin in return for simply sending some to the specified address.
“I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes,” read a typical tweet. The scam closely mirrored the Bitcoin giveaway impersonation scams that proliferated on Twitter after the crypto boom of 2017, except that this time, instead of impersonating high-profile Twitter accounts, the scammers hijacked them.
While on the surface the attack appears to have been carried out primarily to scam followers out of Bitcoin, it is possible that the attackers were actually after something more valuable: the direct messages of high-profile politicians, tech executives, and celebrities. According to Twitter’s official support account, the attackers were able to download the full account archive for up to eight of the compromised accounts using the platform’s “Your Twitter Data” tool.
“For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true.” — Twitter Support (@TwitterSupport), July 18, 2020
That would include direct messages and, in some cases, synced address books. Depending on which accounts the attackers stole data from, this information could be worth far more than whatever Bitcoin they collected from the crypto scam. While Twitter has not directly disclosed the eight impacted accounts, the company has said that none of the eight were Verified accounts.
Regardless, the fact that the attackers were able to download user data signals that they most likely had full access to the accounts. In order to carry out the hack, it appears as though the attackers targeted Twitter employees to gain access to the company’s internal systems. In a Twitter Support tweet, the company said, “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
In a followup thread on Thursday, the company said that there was no evidence that attackers accessed passwords and that instead they accessed tools only available to Twitter’s internal support teams. As of Saturday, the company confirmed in a blog post that of the 130 accounts targeted, “for 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.”
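The attack pattern Twitter describes above (social engineering of support staff, then a burst of password resets and data exports against prominent accounts from the internal tool) is exactly the kind of activity an audit log of that tool should surface. The following is an added example of such a check, written for this article; it is not Twitter's code, and Twitter has not published its tooling or log format. The JSON log lines, field names (`agent`, `action`, `account`, `followers`), action names, and thresholds are all constructed for illustration.

```python
"""Flag bursts of sensitive support-tool actions by a single agent, and any
sensitive action against a very high-follower account.

Added example, not Twitter's code. The audit-log schema, sample events and
thresholds are assumptions made for this illustration.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit log (JSON lines) from a hypothetical internal
# support tool. Timestamps are UTC; follower counts are made up.
SAMPLE_LOG = """\
{"ts": "2020-07-15T19:58:10Z", "agent": "agent17", "action": "view_profile", "account": "@smallbiz", "followers": 1200}
{"ts": "2020-07-15T20:01:02Z", "agent": "agent17", "action": "password_reset", "account": "@exec_a", "followers": 36000000}
{"ts": "2020-07-15T20:01:40Z", "agent": "agent17", "action": "password_reset", "account": "@exec_b", "followers": 51000000}
{"ts": "2020-07-15T20:02:15Z", "agent": "agent17", "action": "data_export", "account": "@exec_b", "followers": 51000000}
{"ts": "2020-07-15T20:03:05Z", "agent": "agent17", "action": "password_reset", "account": "@crypto_co", "followers": 900000}
{"ts": "2020-07-15T20:30:00Z", "agent": "agent04", "action": "password_reset", "account": "@user123", "followers": 80}
{"ts": "2020-07-15T21:45:00Z", "agent": "agent04", "action": "password_reset", "account": "@user456", "followers": 15}
"""

# Actions that hand over control of, or data from, an account (assumed names).
SENSITIVE = {"password_reset", "data_export", "email_change"}
WINDOW = timedelta(minutes=10)      # sliding window for burst detection
BURST_THRESHOLD = 3                 # sensitive actions per agent within WINDOW
HIGH_PROFILE_FOLLOWERS = 1_000_000  # any sensitive action above this is notable


def parse_log(text):
    """Parse JSON lines into event dicts with a datetime `ts`, oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def sensitive_window_counts(events, window=WINDOW):
    """For each agent, the peak number of sensitive actions inside any `window`."""
    recent = defaultdict(deque)   # agent -> timestamps still inside the window
    peak = defaultdict(int)
    for ev in events:
        if ev["action"] not in SENSITIVE:
            continue
        q = recent[ev["agent"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:   # evict timestamps older than the window
            q.popleft()
        peak[ev["agent"]] = max(peak[ev["agent"]], len(q))
    return dict(peak)


def flag_bursts(events, window=WINDOW, threshold=BURST_THRESHOLD):
    """Agents whose peak in-window sensitive-action count reaches the threshold."""
    counts = sensitive_window_counts(events, window)
    return {agent: n for agent, n in counts.items() if n >= threshold}


def flag_high_profile(events, min_followers=HIGH_PROFILE_FOLLOWERS):
    """(agent, action, account) for every sensitive action on a high-follower account."""
    return [
        (ev["agent"], ev["action"], ev["account"])
        for ev in events
        if ev["action"] in SENSITIVE and ev["followers"] >= min_followers
    ]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for agent, n in flag_bursts(evs).items():
        print(f"BURST  {agent}: {n} sensitive actions within {WINDOW}")
    for agent, action, account in flag_high_profile(evs):
        print(f"HIGH-PROFILE  {agent} performed {action} on {account}")
```

On the constructed log, `agent04` performs two routine resets an hour apart and is not flagged, while `agent17` triggers both checks: four sensitive actions inside ten minutes, three of them against accounts with tens of millions of followers. In practice a team would baseline the per-agent rate rather than hard-code a threshold, and would page on the high-profile check regardless of rate, since a single legitimate reset on an account like those hit in this incident should itself be a rare, reviewed event.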
Social engineering remains one of the most glaring weak spots in cybersecurity, as last week’s hack showed. Some of the biggest data breaches of all time have been the result of social engineering schemes, from the Yahoo breaches, in which a spear-phishing email gave attackers their foothold and 3 billion accounts were ultimately exposed, to the 2013 Target breach, which started with phishing emails to a Target vendor and exposed about 40 million payment cards and 70 million customer records.
With such vast reach, a critical security compromise of a major social media platform such as Twitter could have a far more disastrous impact if, for instance, more nefarious hackers were to send threatening or alarmist messages from the account of a high-profile politician or executive. Such a scenario could severely impact the stock market or provoke a response from another government.
That exact scenario played out in 2013, when a single post from the Associated Press’ Twitter account briefly sent the Dow Jones tumbling and momentarily wiped $136.5 billion off the S&P 500’s total market capitalization. “Breaking: Two Explosions in the White House and Barack Obama Injured,” read the tweet. It turned out to be fake and was quickly deleted, but it made clear the real-world effects of insecure social media platforms.
We’re lucky that Wednesday’s hack was used for the rather mundane purpose of getting followers to part with some of their cryptocurrency; it could have been much worse. Still, the frequent occurrence of major hacks and data breaches continues to be alarming. It’s never been more important to stay informed and take what steps you can to protect yourself online.
Bloom: Your Data, Your Credit, Your Privacy
At Bloom, we are giving you the tools to take back control of your data all in one simple app. No more centralized data storage. No more selling off your data to the highest bidder. Bloom enables you to own, control, and protect your data using the latest advancements in blockchain technology.
It’s time to take back control of your data and unlock the power of a secure identity today. Download the Bloom mobile app to build a digital identity, monitor your credit, and get free data breach alerts with Radar!