Social networking website Twitter witnessed a major breach with accounts of several prominent people getting hacked. The hacked accounts posted messages exhorting followers to fork over cryptocurrency.
The accounts hacked included those belonging to Barack Obama, Joe Biden, Jeff Bezos, Warren Buffett, Bill Gates, Mike Bloomberg, Elon Musk, Kanye West, and others. The corporate accounts for Uber and Apple were also affected during the major breach.
The fake tweets offered to send $2,000 for every $1,000 sent to a bitcoin address.
Some of the bogus tweets were swiftly deleted but there appeared to be a struggle to regain control of the accounts.
In the case of billionaire Tesla Chief Executive Elon Musk, for example, one tweet soliciting cryptocurrency was removed and, sometime later, another one appeared.
In a statement, Twitter said, “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.”
“You may be unable to Tweet or reset your password while we review and address this incident,” Twitter said.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack⚡️ (@jack) July 16, 2020
Meanwhile, Tron founder and CEO of BitTorrent Justin Sun put a bounty of $1 million on the heads of those responsible for the hacking incident.
“TRON Founder & CEO of @BitTorrent, Justin Sun is putting out a Bounty for the hackers in the amount of $1 million. He will personally pay those who successfully track down, and provide evidence for bringing to justice, the hackers/people behind this hack affecting our community,” BitTorrent’s official Twitter account posted.
Due to the attack that spanned multiple verified accounts, Twitter shares plummeted, according to trading data shared on social media.
The unusual scope of the problem suggests hackers may have gained access at the system level, rather than through individual accounts. While account compromises are not rare, experts were surprised at the sheer scale and coordination of Wednesday’s incident.
“This appears to be the worst hack of a major social media platform yet,” said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike.
Some experts said it seemed probable that hackers had access to Twitter’s internal infrastructure.
“It is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application,” Michael Borohovski, director of software engineering at security company Synopsys, told news agency Reuters.
“If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction,” he said.
Publicly available blockchain records show that the apparent scammers have already received more than $100,000 worth of cryptocurrency.
Several experts said the incident has raised questions about Twitter’s cybersecurity.
“It’s clear the company is not doing enough to protect itself,” said Oren Falkowitz, former CEO of Area 1 Security.
Alperovitch, who now chairs the Silverado Policy Accelerator, said that, in a way, the public had dodged a bullet so far.
“We are lucky that given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about $110,000 in bitcoins from about 300 people,” he said.