Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Twitter Accounts of Apple, Musk, Gates, Others Hit in Major Hack

How were Twitter accounts hacked?

How were Twitter accounts hacked?

The official Twitter accounts of Apple, Elon Musk, Jeff Bezos and others were hijacked on Wednesday by scammers trying to dupe people into sending cryptocurrency bitcoin, in a massive hack.

The list of accounts commandeered simultaneously grew rapidly to include Joe Biden, Barack Obama, Uber, Microsoft co-founder Bill Gates, bitcoin specialty firms and many others.

“We are aware of a security incident impacting accounts on Twitter,” the messaging service said in a tweet.

“We are investigating and taking steps to fix it. We will update everyone shortly.”

The Biden campaign told AFP that Twitter locked down the hacked account quickly and removed the bogus tweet.

Twitter disabled the ability to tweet from validated accounts, those with the official blue checkmarks, for about two hours while working on a fix.

“Most accounts should be able to Tweet again,” the Twitter support team said in an evening update of the situation.

“As we continue working on a fix, this functionality may come and go. We’re working to get things back to normal as quickly as possible.”

The duplicitous posts, which were largely deleted, were fired off from the array of high-profile accounts telling people they had 30 minutes to send $1,000 in bitcoin in order to be sent back twice as much.

“This is a SCAM, DO NOT participate!” Gemini cryptocurrency exchange co-founder Cameron Winklevoss warned from his official account on Twitter.

“This is the same attack/takeover that other major crypto twitter accounts are experiencing. Be vigilant!”

-‘Giving back’-

The site Blockchain.com, which monitors transactions made in cryptocurrencies, said a total of 12.58 bitcoins, worth almost $116,000, had been sent to the email addresses mentioned in the fraudulent tweets. 

The tweet that appeared on Musk’s Twitter feed said, “Happy Wednesday! I am giving back Bitcoin to all of my followers. I am doubling all payments sent to the Bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back!”

It added that the offer was “only going on for 30 minutes.”

The fake messages that appeared on the accounts of other famous personalities made similar promises of instant riches. 

The scammers also hacked accounts belonging to rideshare heavyweight Uber, as well as those belonging to bitcoin trading companies.

The account of US President Donald Trump, which has more than 83 million followers, was not hacked.

“Given the accounts that got hacked more recently (Apple, Uber, Gates, Musk, etc), I am now leaning towards this being an internal compromise of a Twitter system, not an API attack from a social aggregator service,” bitcoin authority and author Andreas Antonopoulos said in a tweet from his @aantonop account.

Rachel Tobac of cyber-security firm SocialProof Security theorized that hackers got control of a Twitter employee’s administrative access to “take over a prominent account and tweet on their behalf.”

As evening arrived on Twitter home turf in San Francisco, the company continued to investigate what happened.

A version of the scam invited people to click on a link at which they would be exploited.

“All major crypto Twitter accounts have been compromised,” Winklevoss warned in a tweet.

Among the hacked accounts was @gemini used by the crypto-exchange, according to his twin brother and co-founder Tyler Winklevoss.

“@Gemini’s twitter account, along with a number of other crypto twitter accounts, has been hacked,” Tyler Winklevoss said in a tweet.

BitTorrent chief executive Justin Sun is offering a $1 million reward for finding the Twitter hackers and bringing them to justice, according to media reports.

Twitter has been target by hackers in the past.

In March 2017, the accounts of Amnesty International, the French economics ministry and the BBC’s North America service were broken into by hackers believed to have been loyal to Turkish President Recep Tayyip Erdogan.  

Last August, a series of insulting or racist messages were posted on the personal account of Twitter founder Jack Dorsey without his knowledge.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.