Hackers Used Internal Twitter Tools to Hijack High-Profile Accounts

Twitter has confirmed that hackers leveraged internal tools to take over high-profile accounts and use them to post scam tweets.

The attack resulted in the compromise of the Twitter accounts of Apple, former U.S. president Barack Obama, Tesla and SpaceX CEO Elon Musk, presidential candidate Joe Biden, Amazon founder and CEO Jeff Bezos, Microsoft co-founder Bill Gates, Uber, and businessman and politician Mike Bloomberg, among others.

Leveraging the unauthorized access, the hackers posted messages encouraging people to send 0.1 Bitcoin to a specific address to receive twice the amount. The fake posts claimed the offer was valid for 30 minutes only.

Twitter, which has deleted the duplicitous messages, temporarily suspended the ability to tweet for verified accounts, but restored it after identifying those that were compromised.

The Twitter accounts of several cryptocurrency exchanges, including Binance and Coinbase, and those of their CEOs and founders were also hacked into and abused to promote a COVID-19 cryptocurrency giveaway scam associated with a company called “CryptoForHealth,” Tenable researcher Satnam Narang said in an emailed comment.

A message posted on the CryptoForHealth site claimed that they partnered with digital currency exchanges to provide a “5000 Bitcoin (BTC) giveaway,” Narang explains.

The Bitcoin address on the CryptoForHealth site was included in all bogus messages posted on Twitter as well. The attackers apparently made over $100,000 from the scam and have already transferred the money out of the wallet.

“What makes this incident most notable, however, is that the scammers have managed to compromise the legitimate, notable Twitter accounts to launch their scams. Because the tweets originated from these verified accounts, the chances of users placing their trust in the CryptoForHealth website or the purported Bitcoin address is even greater,” Narang said.

After containing the incident and closing the unauthorized access, Twitter confirmed that the hackers used social engineering to target “employees with access to internal systems and tools.”

“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” Twitter said.

The social media platform also noted that it took several steps internally to limit access to systems and tools while the investigation is ongoing.

Reacting to Twitter’s messages, some people raised the issue of internal tools having too much access to user account data, while others questioned the claim that this was a social engineering attack and suggested the attackers had internal help.

According to Vice, the hackers, who allegedly had help from a Twitter employee, took control of some accounts by changing the email addresses associated with them. Screenshots of the internal panel at the social platform revealed the amount of personal information employees have access to.

This is not the first security incident involving the social media giant. In 2017, a series of high-profile accounts were compromised through Twitter Counter, while in September 2019 Twitter CEO Jack Dorsey had his account compromised in a SIM swapping attack.

*Updated: an earlier version of the article incorrectly stated that over 5,000 individuals sent 840 bitcoin to the CryptoForHealth address.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
