The night of July 15-16 was a difficult one for Twitter: the company suffered the biggest attack in its history. Accounts belonging to public figures, companies, cryptocurrency exchanges and others were compromised en masse.
Among the victims were Bill Gates, Elon Musk, Jeff Bezos, Joe Biden, Barack Obama, Warren Buffett, Kanye West, Kim Kardashian, Apple and Uber, the largest cryptocurrency exchanges CoinDesk, Binance and Gemini, and many, many others. Most of these accounts had two-factor authentication enabled, which did not stop the hackers; there is, however, an assumption that some accounts had disabled 2FA after a well-known scandal and had not turned the protection back on.
The unknown attackers used their access to these top accounts in a very strange way: they announced a giveaway of unheard-of generosity and staged a fake distribution of bitcoins.
The hackers' messages promised users huge profits, provided they first sent some bitcoins to the specified address. The fraudsters followed the classic scam scheme: they asked victims to send them a small amount of cryptocurrency and promised to double any amount received and send it back.
“Although the real account owners and social network employees tried to delete these messages, they immediately appeared again,” reports Bleeping Computer.
Paradoxically, even in 2020 there were many people who believed that Bill Gates, Elon Musk and other well-known companies and personalities had suddenly started giving away bitcoins. Since the same messages and the same bitcoin wallet were used for all the hacked accounts, it is easy to see that the scammers “earned” about 13 BTC, roughly $120,000.
It remains unclear how Twitter suffered such a massive attack.
“At night, the company’s specialists were forced to disable the ability to write messages for all verified accounts with a blue ‘checkmark’ for several hours, as well as to prohibit password resets and a number of other functions,” reports BleepingComputer.
Many accounts may still be experiencing blocks. At some point the social network also began automatically deleting messages containing the attackers' wallet address, as well as any messages structurally similar to the scam message (several jokers who posted parodies of these messages were blocked).
The head of Twitter, Jack Dorsey, reports that the investigation will be as transparent as possible.
“Tough day for us at Twitter. We all feel terrible that this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened,” wrote Jack Dorsey.
The preliminary results of the investigation are as follows. Twitter officially reports that the root of the incident was a coordinated social-engineering attack on company employees. As a result, the attackers gained access to unnamed internal systems and tools, which they then used to take control of many popular accounts.
This is fully consistent with the theory most popular among information security experts. During the night there were reports online that the hackers had reached the Twitter admin panel, and Twitter employees almost instantly deleted these messages along with their screenshots, which only increased the experts’ suspicions.
As a result, in an effort to reduce the risk, Twitter engineers resorted to an extreme measure, which they themselves called “destructive”: they proactively blocked a huge cluster of accounts (which at first glance had not even been attacked), restricting posting and other functions for them. The owners have been promised that access to these accounts will be restored as soon as it is clear that they are safe and the threat has been eliminated.
The company says it has already taken measures to limit access to its internal systems and tools, but the investigation is still ongoing and far from complete. It also mentions that it is carefully checking what other user data the attackers could have accessed (for example, private messages and pending and saved tweets).
It is worth noting that some information security experts are already writing that the attack was probably not as simple as it seems at first glance. After all, gaining access at such a level and “spending” it on a fake cryptocurrency giveaway that brought in a little over one hundred thousand dollars is a rather strange move for hackers: in theory, such access could be sold for millions. Many therefore believe that the real purpose of the campaign may have been something else, for example data theft.
Other experts, however, say that anything is possible and some criminals are simply not very smart.
“Sometimes hackers come across valuable access they don’t know how to properly monetize. Just because they only made $100k from having access to almost every Twitter account doesn’t necessarily mean there’s a deeper hidden motive. Some hackers just aren’t creative,” MalwareTech commented on the situation.
Incidentally, let me remind you that there have been cases in which the company itself was rather careless in handling user data.