Twitter has confirmed that hackers leveraged internal tools to take over high-profile accounts and use them to post scam tweets.
The attack resulted in the compromise of the Twitter accounts of Apple, former U.S. president Barack Obama, Tesla and SpaceX CEO Elon Musk, presidential candidate Joe Biden, Amazon founder and CEO Jeff Bezos, Microsoft co-founder Bill Gates, Uber, and businessman and politician Mike Bloomberg, among others.
Leveraging the unauthorized access, the hackers posted messages encouraging people to send 0.1 Bitcoin to a specific address to receive twice the amount. The fake posts claimed the offer was valid for 30 minutes only.
Twitter, which has deleted the duplicitous messages, temporarily suspended the ability to tweet for verified accounts, but restored it after identifying those that were compromised.
The Twitter accounts of several cryptocurrency exchanges, including Binance and Coinbase, and those of their CEOs and founders were also hacked into and abused to promote a COVID-19 cryptocurrency giveaway scam associated with a company called “CryptoForHealth,” Tenable researcher Satnam Narang said in an emailed comment.
A message posted on the CryptoForHealth site claimed that they partnered with digital currency exchanges to provide a “5000 Bitcoin (BTC) giveaway,” Narang explains.
The Bitcoin address on the CryptoForHealth site was included in all bogus messages posted on Twitter as well. The attackers apparently made over $100,000 from the scam and have already transferred the money out of the wallet.
“What makes this incident most notable, however, is that the scammers have managed to compromise the legitimate, notable Twitter accounts to launch their scams. Because the tweets originated from these verified accounts, the chances of users placing their trust in the CryptoForHealth website or the purported Bitcoin address is even greater,” Narang said.
After containing the incident and closing the unauthorized access, Twitter confirmed that the hackers used social engineering to target “employees with access to internal systems and tools.”
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” Twitter said.
The social media platform also noted that it took several steps internally to limit access to systems and tools while the investigation is ongoing.
Reacting to Twitter’s messages, some people raised the issue of internal tools having too much access to user account data, while others questioned the claim of this being a social engineering attack and suggesting internal help.
According to Vice, the hackers, who allegedly had help from a Twitter employee, took control of some accounts by changing the email addresses associated with them. Screenshots of the internal panel at the social platform revealed the amount of personal information employees have access to.
This is not the first security incident involving the social media giant. In 2017, a series of high-profile accounts were compromised through Twitter Counter, while in September 2019 Twitter CEO Jack Dorsey had his account compromised in a SIM swapping attack.
*Updated: an earlier version of the article incorrectly stated that over 5,000 individuals sent 840 bitcoin to the CryptoForHealth address.
Related: Twitter Confirms ‘Security Incident’ Involving Hacked Accounts
Related: Twitter Accounts of Apple, Musk, Gates, Others Hit in Major Hack
Related: Twitter Temporarily Disables Tweeting via SMS After CEO Hack