Hackers Used Internal Twitter Tools to Hijack High-Profile Accounts

Twitter has confirmed that hackers leveraged internal tools to take over high-profile accounts and use them to post scam tweets.

The attack resulted in the compromise of the Twitter accounts of Apple, former U.S. president Barack Obama, Tesla and SpaceX CEO Elon Musk, presidential candidate Joe Biden, Amazon founder and CEO Jeff Bezos, Microsoft co-founder Bill Gates, Uber, and businessman and politician Mike Bloomberg, among others.

Leveraging the unauthorized access, the hackers posted messages encouraging people to send 0.1 Bitcoin to a specific address to receive twice the amount. The fake posts claimed the offer was valid for 30 minutes only.

Twitter, which has deleted the duplicitous messages, temporarily suspended the ability to tweet for verified accounts, but restored it after identifying those that were compromised.

The Twitter accounts of several cryptocurrency exchanges, including Binance and Coinbase, and those of their CEOs and founders were also hacked into and abused to promote a COVID-19 cryptocurrency giveaway scam associated with a company called “CryptoForHealth,” Tenable researcher Satnam Narang said in an emailed comment.

A message posted on the CryptoForHealth site claimed that they partnered with digital currency exchanges to provide a “5000 Bitcoin (BTC) giveaway,” Narang explains.

The Bitcoin address on the CryptoForHealth site was included in all bogus messages posted on Twitter as well. The attackers apparently made over $100,000 from the scam and have already transferred the money out of the wallet.

“What makes this incident most notable, however, is that the scammers have managed to compromise the legitimate, notable Twitter accounts to launch their scams. Because the tweets originated from these verified accounts, the chances of users placing their trust in the CryptoForHealth website or the purported Bitcoin address is even greater,” Narang said.

After containing the incident and closing the unauthorized access, Twitter confirmed that the hackers used social engineering to target “employees with access to internal systems and tools.”

“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” Twitter said.

The social media platform also noted that it took several steps internally to limit access to systems and tools while the investigation is ongoing.

Reacting to Twitter’s messages, some people raised the issue of internal tools having too much access to user account data, while others questioned the claim that this was a social engineering attack and suggested internal help.

According to Vice, the hackers, who allegedly had help from a Twitter employee, took control of some accounts by changing the email addresses associated with them. Screenshots of the internal panel at the social platform revealed the amount of personal information employees have access to.

This is not the first security incident involving the social media giant. In 2017, a series of high-profile accounts were compromised through Twitter Counter, while in September 2019 Twitter CEO Jack Dorsey had his account compromised in a SIM swapping attack.

*Updated: an earlier version of the article incorrectly stated that over 5,000 individuals sent 840 bitcoin to the CryptoForHealth address.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
