Today was a wild day for verified users on Twitter, as high profile accounts including the likes of Apple, Elon Musk and Bill Gates were hijacked to proliferate a cryptocurrency scam.
How did this happen? According to Motherboard, the hacks were an inside job: a Twitter employee did the work and was paid for it, according to hackers who spoke anonymously to the publication:
A Twitter insider was responsible for a wave of high profile account takeovers on Wednesday, according to leaked screenshots obtained by Motherboard and two sources who took over accounts.
“We used a rep that literally done all the work for us,” one of the sources told Motherboard. The second source added they paid the Twitter insider. Motherboard granted the sources anonymity to speak candidly about a security incident.
These accounts were hijacked using an internal tool at Twitter. Some accounts were taken over because the internal tool allowed the associated email addresses to be changed.
Twitter tonight clarified part of their investigation into the matter, saying “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” explained Twitter.
Twitter CEO Jack Dorsey said it was “a tough day for us at Twitter,” adding “we all feel terrible this happened.”
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
During the hacking investigation, Twitter shut off password resets and locked tweeting for verified accounts, including ours (@iPhoneinCanada), to mitigate the hijacking.
Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.
— Twitter Support (@TwitterSupport) July 16, 2020
“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues,” explained Twitter at 7:38pm PDT.
Hijacked accounts tweeted out messages urging users to send money to a bitcoin address. The tweets were pinned on high-profile Twitter accounts and promoted fake 2-for-1 offers said to be valid for only 30 minutes to an hour or so.