Last week Business Insider reported that certain influential Twitter accounts were hacked. Bill Gates, Elon Musk, former President Barack Obama, President Donald Trump, and other public figures were all compromised.
The accounts were posting tweets that appeared to promote a cryptocurrency scam. The hackers targeted high-profile accounts that had the potential to spread the scam as far as possible.
These accounts, along with Uber, Apple, Kanye West, Kim Kardashian West, Mike Bloomberg, Warren Buffett, and Jeff Bezos, all posted similar tweets to their verified profiles asking for donations via Bitcoin.
The number of prominent accounts that were impacted makes this the biggest security breach in Twitter’s history.
Anatomy of a hack
It happened fast. The first public signs of the intrusion came around 3 p.m. EDT, on Wednesday, July 15.
The Twitter account for cryptocurrency exchange Binance tweeted a message saying it had partnered with “CryptoForHealth.” The tweet urged followers to give back 5000 bitcoin to the community, with a link where people could send money.
Minutes later similar tweets went out from the accounts of other cryptocurrency exchanges, as well as from Twitter accounts of famous people, huge companies, billionaires, and presidents, current and past.
“Everyone is asking me to give back, and now is the time,” said a tweet that looked like it was coming from Bill Gates. There was a promise to double all payments to a Bitcoin address for the next 30 minutes.
During the hack and for 24 hours afterward the BTC wallet promoted by many of the hacked Twitter profiles processed 383 transactions and received almost 13 bitcoin, approximately $117,000.
Twitter support responded quickly to the hack
On Wednesday, as the hack was escalating, Twitter took the unprecedented step of blocking all verified accounts from tweeting as a temporary measure, while it secured its services.
It locked the affected accounts until their owners could satisfactorily identify themselves and take back control. Its data download feature was also temporarily disabled.
A little more than an hour after the attack began, Twitter apparently moved to prevent holders of verified accounts from tweeting. Users reported that non-verified accounts could still tweet.
“You may be unable to Tweet or reset your password while we review and address this incident,” Twitter’s support account said.
Statements from Twitter
Twitter released a statement on its platform addressing the attack.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
In a blog post updated on July 22, Twitter explained that the perpetrators downloaded personal data from up to eight of 130 compromised accounts.
Twitter officials did not specify which accounts were affected, although they said that “none of the eight were verified accounts,” by which the company means none of them was the official account of a public figure.
Binance released its own statement addressing the incident, denying association with the hacker and offering assurances that the hacker’s wallet addresses have been blocked from depositing assets.
They also urged users to refrain from clicking on posts from CryptoForHealth and other suspicious tweets or posts that solicit donations to a crypto/bitcoin address.
Who hacked Twitter?
The identity of the hacker(s) remains unknown. No arrests have been made.
The New York Times, last Friday, and TechCrunch have reported that a hacker named “Kirk” got access to Twitter’s internal tools and gave a live demonstration of his ability to gain access to accounts on a Twitter Slack channel.
Cybersecurity reporter Brian Krebs reported that a 21-year-old man from Liverpool, England may have been involved.
Krebs believes that the attack has all the earmarks of coming from the SIM swapping community. “SIM swapping” is a form of crime that involves bribing, hacking, or coercing employees at telecom and social media companies into providing access to a target’s account.
People within the SIM swapping community are obsessed with hijacking so-called “OG” or “original gangster” social media accounts.
The FBI, Congress, and the state of New York are all investigating. Twitter’s forensic investigation is still ongoing.
Meanwhile, the company is still doing damage control and attempting to restore its users’ trust that may have been eroded by the most extensive (as far as we know) hack in Twitter history.