In “2020 couldn’t be any crazier” news, Twitter has been targeted for its huge influence. A subset of its influential users, specifically individuals who had verified accounts, were targeted to promote a cryptography scam that had far-reaching implications, given their extraordinary foothold among some of Twitter’s most active players.
Some of these accounts had thousands of followers. Others had millions. Some of the accounts were brands that focus on cryptography. Others were support-focused brands (e.g. Apple). Others were influencers. Others were members of the media. Others were politicians.
Twitter’s acknowledgement came immediately thereafter, with the company stating that it is aware of a “security incident” impacting many accounts on the platform. The domain referenced in the tweet was removed by the domain name registrar, Namesilo, immediately at the first report, but the damage to Twitter from the intrusion was far-reaching and has continued for over an hour since the report came in.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
Twitter’s response was a rash decision: it banned all verified users by preventing them from posting on the platform altogether. Accounts with the verified checkmark were instead told, at both the top and the bottom of the page, that their tweets couldn’t be sent, and they couldn’t use a third-party tool like HootSuite or Twitter’s own tool, TweetDeck, either.
It’s suspected that the break-in happened at a very high level, perhaps on the Twitter employee panel, in a way that allowed multi-factor authentication to be bypassed and thus permitted an attacker to get into an account:
Yikes, strongest hypothesis is that the attackers have owned Twitter’s employee admin panel which allows Twitter employees ability to change pw/disable MFA to allow an attacker to take over a prominent account and tweet on their behalf without dealing with their password or MFA.
— Rachel Tobac (@RachelTobac) July 15, 2020
We won’t know right away, as Twitter is actively investigating and is prohibiting all verified accounts from posting (at press time, they’re still unable to tweet).
In the meantime, what can we learn from this? Even the most secure of accounts can be compromised, especially when the systems these accounts reside upon aren’t protected enough. Whether that happened through weak coding infrastructure, social engineering, or a combination of the two, we may not know for a while, but we’re hoping to have some answers soon.