If you’re waking up just now like me, all of us missed Twitter’s most dramatic and biggest hack of all time. Here’s what happened: some hackers took over accounts of many high profile accounts such as Elon Musk, Jeff Bezos, Apple, Uber, Kim Kardashian, and Bill Gates, and tweeted about…well, Bitcoin.
The hacker(s) even successfully got some money from folks who fell for the scam. As Bitcoin transactions are traceable to an extent, you can see how much money a Bitcoin wallet address is holding. The wallet being linked to the hackers shows that they managed to steal nearly $120,000 from people.
It's an actual wallet address and there are transactions happening. It's unclear if these transactions are legit. Scammers often seed their own scams to give them the appearance of authenticity. https://t.co/GUHEDaKNxu pic.twitter.com/xfhl3817xr
— Ryan Mac 🙃 (@RMac18) July 15, 2020
Thankfully, all of this was short-lived. Twitter‘s security team regained access to the hacked accounts, and deleted all tweets related to the Bitcoin scam. For a short amount of time, the social network prevented verified accounts from tweeting as a security measure.
We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.
— Twitter Support (@TwitterSupport) July 15, 2020
So what the heck happened? Twitter said that it detected “what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
What’s social engineering? It’s when someone manipulates you to extract information by masquerading as a trusted actor (such as your bank, or a friend who seems to know intimate details of your life); in this case, the target was access to Twitter’s systems.
It might not be easy to get access to Twitter‘s internal tools. So hackers targeted a mole inside the company. According to a report by Vice’s Joseph Cox, who talked to sources who took over accounts, hackers got hold of Twitter‘s internal admin tools, which made the task easier.
Once they got the access to the tool, they changed the recovery email addresses of high-profile accounts to make these handles difficult to recover, and tweeted the Bitcoin scam message. Vice’s report also notes that the attackers got hold of some coveted accounts with one- or two-character handles.
This is not the first social engineering-based incident on Twitter. In 2019, in a court case, details of two former employees of the social network spying for the Saudi Regime came to the fore. In 2017, a Twitter employee briefly managed to delete President Donald Trump’s account.
This hack didn’t do much damage, but it points to the possibility of a horror show. In this instance, hackers just tweeted a Bitcoin scam. But they could’ve taken over political accounts and tweeted stuff that might’ve had far more dangerous implications than stealing a few thousand dollars.
Twitter said that it has limited access to internal tools. But wasn’t that restricted already? And since this was a social engineering attack, what’s there to prevent hackers to manipulate another Twitter employee who might’ve access to the tool?