Twitter has revealed that its own administrative tools were used to take over the accounts of dozens of celebrities, politicians and billionaires in a reported ‘inside job’ that is among the largest social media breaches in history.
‘Tough day for us at Twitter. We all feel terrible this happened,’ Twitter CEO Jack Dorsey tweeted, promising to share information about the breach as it became available.
The attack unfolded on Wednesday evening, with the affected accounts including presidential candidate Joe Biden, Elon Musk, Jeff Bezos, Bill Gates, Kanye West and Kim Kardashian West.
Former President Barack Obama, the most popular account on Twitter with more than 120 million followers, was also targeted, as were the corporate accounts of Apple and Uber.
In an urgent response to the breach, Twitter took the extraordinary step of temporarily blocking all verified accounts from tweeting. Shares in the company fell nearly 4 percent in after-hours trading.
‘While account take-overs are commonplace, this would be appear to be a compromise on an unprecedented scale,’ Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told DailyMail.com of the breach.
Former President Barack Obama, the most popular account on Twitter with more than 120 million followers, was targeted by hackers who posted a bitcoin scam to his account
Late on Wednesday, Twitter revealed that some of its employees with access to internal systems had been targeted by a ‘coordinated social engineering attack,’ a term that typically refers to the use of psychological manipulation of individuals to gain access to restricted systems.
Two people who took credit for the breach claimed that they had paid a Twitter insider to carry out the attack for them, according to Motherboard.
‘We used a rep that literally done all the work for us,’ one of the individuals told the publication.
Following the breach, screenshots that appeared to be of a Twitter administrative panel circulated online.
The admin panel shows details of a user’s account and allows the administrator to suspend, permanently suspended, grant ‘protected’ status.
The panel also shows functions named ‘trends blacklist’ and ‘search blacklist’ that suggest Twitter is able to limit how easily an account’s tweets appear across the site.
Twitter has been deleting some screenshots of the panel from its service, and has suspended users who have tweeted them, claiming that the tweets violate its rules.
The company said that its investigation into the breach was ongoing.
It is not the first time a Twitter employee has been implicated in malicious actions.
In 2017, a Twitter worker went rogue and briefly deleted Trump’s account before it was quickly reinstated.
According to the Justice Department, two other former Twitter employees previously abused their access to spy on users for the Saudi regime.
Other political figures impacted in Wednesday’s attack included Rep. Alexandria Ocasio-Cortez and former Democratic presidential candidate Mike Bloomberg.
Of the politicians affected by the breach, all appeared to be Democrats.
President Donald Trump’s account, a high-profile target, was not affected. It is possible that Twitter has additional restrictions on the accounts of world leaders that make it impossible for most of its own employees to access them.
Biden’s campaign was ‘in touch’ with Twitter, according to a person familiar with the matter. The person said the company had locked down the Democrat’s account ‘immediately following the breach and removed the related tweet.’
President Donald Trump’s re-election campaign seized on the breach, with campaign spokesman Tim Murtaugh mocking the scam message as similar to Biden’s policy proposals.
‘I’ve seen creative ways to disguise a tax increase, but this takes the cake,’ Murtaugh tweeted. ‘Hacked account or not, this is a perfect metaphor for Biden’s pitch to taxpayers: ‘Give me your money!”
More than an hour after the first wave of hacks, Twitter prevented at least some verified accounts from publishing messages altogether.
According to UN Cybercrime Chief Neil Walsh, the ban extended to all verified accounts worldwide, an unprecedented step that shut down a critical platform for rapid communication.
Verified users include celebrities and journalists, but also governments, politicians and heads of state.
For several hours on Wednesday, Twitter users with verified accounts saw this message when they tried to post a tweet, as the site shut down all checkmarks as a precaution
Twitter shares fell nearly 4% in after-hours trading as the company froze verified accounts
Although individual Twitter accounts have been briefly breached in the past using stolen passwords, the scale of Wednesday’s attack was unprecedented.
‘This appears to be the worst hack of a major social media platform yet,’ said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike.
The fraudulent tweets all followed a similar formula, and directed potential victims to send bitcoin to the same anonymous wallet.
‘I am giving back to my community due to COVID-19!’ read the scam tweet posted to Obama’s account.
‘All Bitcoin sent to my address below will be sent back doubled. If you send $1,000, I will send back $2,000!’ the fake message continued.
The message shared on Bezos’ account stated he is ‘only doing a maximum of $50,000,000.’
One scam tweet surfaced on Elon Musk’s Twitter account around 4:30pm ET Wednesday
Amazon CEO Jeff Bezos was also among the victims targeted in the bitcoin scam
Most of the fraudulent tweets disappeared within minutes of first being posted, suggesting that Twitter administrators were playing whack-a-mole with the attacker.
Although many users knew the gesture was the evil working of a cybercriminal, others replied they sent money to the listed account.
Many Twitter users posted screenshots of bitcoin transfer receipts to the wallet listed in the scam, claiming they had been duped before realizing the scam.
Publicly available blockchain records show that the apparent scammers have already received more than $100,000 worth of cryptocurrency, with the amount still growing.
Several Twitter users claimed that they had fallen for the scam and sent bitcoin
Some experts said the incident has raised questions about Twitter’s cybersecurity.
‘It’s clear the company is not doing enough to protect itself,’ said Oren Falkowitz, former CEO of Area 1 Security.
Alperovitch, who now chairs the Silverado Policy Accelerator, said that, in a way, the public had dodged a bullet so far.
‘We are lucky that given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about $110,000 in bitcoins from about 300 people,’ he said.