
This article was published on November 16, 2018


Twitter says the Bitcoin scam wave came from third-party app

The plot thickens even more

Story by Mix, former TNW writer


Twitter has confirmed the series of cryptocurrency-related hackings on its platform originated from a third-party software provider – and not its own system.

In an email to Hard Fork, a Twitter spokesperson confirmed attackers exploited a third-party marketing solution to blast fake Bitcoin giveaway links from a slew of verified accounts, including Google and Target.

Twitter refrained from naming the app in question.

The confirmation comes only days after a number of high-profile public figures and brands – including Google and retail giant Target – got their accounts breached to propagate malicious cryptocurrency giveaway links.

While Target initially suggested attackers had inappropriately accessed its Twitter account to push the Bitcoin scam to its audience of almost two million, it later backtracked on its statement.

Contrary to its previous statements, the retailer clarified that hackers never directly accessed its Twitter account. Rather, Target told Hard Fork the hackers managed to post the malicious tweets by leveraging a third-party marketing app that was authorized to post content on Target’s behalf.

The confirmation that the hackings originated from a third-party app explains how the attackers managed to run the Bitcoin giveaway scam at such a large scale – and in such an organized manner.

Earlier this week, Twitter told Hard Fork it is working closely with affected companies in order to resolve the situation. Ironically, moments later Google’s G Suite account posted a malicious Bitcoin giveaway link.
