This article was published on July 16, 2020

Everything we know about how Twitter’s biggest hack went down



If you’re waking up just now like me, all of us missed Twitter’s most dramatic and biggest hack of all time. Here’s what happened: some hackers took over many high-profile accounts, such as those of Elon Musk, Jeff Bezos, Apple, Uber, Kim Kardashian, and Bill Gates, and tweeted about…well, Bitcoin.

The hacker(s) even successfully got some money from folks who fell for the scam. As Bitcoin transactions are traceable to an extent, you can see how much money a Bitcoin wallet address is holding. The wallet linked to the hackers shows that they managed to steal nearly $120,000 from people.


Thankfully, all of this was short-lived. Twitter’s security team regained access to the hacked accounts, and deleted all tweets related to the Bitcoin scam. For a short amount of time, the social network prevented verified accounts from tweeting as a security measure.

So what the heck happened? Twitter said that it detected “what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

What’s social engineering? It’s when someone manipulates you to extract information by masquerading as a trusted actor (such as your bank, or a friend who seems to know intimate details of your life); in this case, the target was access to Twitter’s systems.

It might not be easy to get access to Twitter’s internal tools, so hackers targeted a mole inside the company. According to a report by Vice’s Joseph Cox, who talked to sources who took over accounts, hackers got hold of Twitter’s internal admin tools, which made the task easier.

Once they had access to the tool, they changed the recovery email addresses of high-profile accounts to make these handles difficult to recover, and tweeted the Bitcoin scam message. Vice’s report also notes that the attackers got hold of some coveted accounts with one- or two-character handles.

This is not the first social engineering-based incident on Twitter. In 2019, a court case brought to light details of two former employees of the social network spying for the Saudi regime. In 2017, a Twitter employee briefly managed to delete President Donald Trump’s account.

This hack didn’t do much damage, but it points to the possibility of a horror show. In this instance, hackers just tweeted a Bitcoin scam. But they could’ve taken over political accounts and tweeted stuff that might’ve had far more dangerous implications than stealing a few thousand dollars.

Twitter said that it has limited access to internal tools. But wasn’t that restricted already? And since this was a social engineering attack, what’s there to prevent hackers from manipulating another Twitter employee who might have access to the tool?
