With the US Presidential election only months away, this is an especially concerning incident.
From about 1pm on Wednesday, a range of celebrity and brand accounts started tweeting out a message promoting a crypto giveaway, in which funds sent to a specified bitcoin wallet would send back double the amount to the user.
The messages, which are all similar, and all include the same bitcoin wallet address, were seemingly part of an elaborate hack – possibly the largest ever seen on Twitter in terms of scale and associated reach.
Among a range of verified profiles, the hackers gained access to the accounts of:
- Kanye West
- Joe Biden
- Bill Gates
- Jeff Bezos
- Elon Musk
- Mike Bloomberg
- Floyd Mayweather
- Barack Obama
- HQ Trivia
- Warren Buffet
- Kim Kardashian
And users did indeed begin sending money through – as noted by The Verge, because the exchanges are publicly listed on the blockchain-based network, it was possible to see the transactions shifting funds to the bitcoin wallet address listed in the tweets. More than $110k had been transferred just an hour after first reports of the hack started coming through. Reports have suggested that these transactions are not reversible.
Twitter has since investigated the incident, and has provided this update:
“Our investigation is still ongoing but here’s what we know so far:
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers. We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this. This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions, and will update you if we do.
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely. Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”
The incident is a major concern for Twitter’s security, and while Twitter is still working out exactly how the hackers managed to gain access to these accounts, much of the damage has been done, with their messages reaching potentially millions of users.
The incident also opens up a broader range of security concerns, both for Twitter and social media more broadly – especially when you consider the way US President Donald Trump has used tweets to communicate foreign policy. A full report will clarify the situation, but Twitter will undoubtedly come under intense scrutiny as a result.
It could even lead to high profile users abandoning the platform entirely, or political leaders shutting down their accounts. If it’s possible for their profiles to be accessed on such a broad scale, that obviously leaves a lingering question over how much trust they can put in the platform.
One possible source of the breach could be an internal control panel, only accessible by Twitter employees. In the hours after the incident, Twitter began deleting posted screenshots of an internal tool with the capacity to access a range of Twitter accounts. Various hacker groups noted that the tool could be used to access verified accounts.
That would align with Twitter’s statement that “employees with access to internal systems and tools” had been targeted – though again, that raises questions over how people, even internal staff, are able to access accounts, and tweet on other users’ behalf.
As Twitter notes, after initially blocking all verified accounts, most are now back, but the incident has opened up a whole new chasm of concern for the Twitter team.
Both Twitter CEO Jack Dorsey and product lead Kayvon Beykpour have apologized for the incident.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
???? to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
That won’t be enough, and it seems likely that significant changes – even, potentially, major staffing shifts – will occur as a result.
We’ve updated this report as of 11:20pm on the 7/15.