Social network platform and micro-blogging site Twitter says that several hackers compromised high-profile accounts due to access to internal tools
Recently, there has been an unprecedented attack on Twitter, and there have been numerous takeovers of high-profile accounts on the site. The high-profile accounts included those of former US President Barack Obama, Democratic candidate Joe Biden, and Tesla CEO Elon Musk. Twitter immediately posts a series of tweets where it stated that the internal systems were compromised by several hackers, thereby confirming theories that the attack cannot be made without any access to the company’s tools and employee privileges.
It is theoretically possible that the hackers may get direct access to private messages, and the ones responsible for this hack have appeared to use the account takeovers as a way to promote a bitcoin scam.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” a Twitter tweet stated. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”
This tweet shows that the social platform is acknowledging that several people seem to be involved in the hacks, and not just a single individual. This means that several employees were compromised too. Though Twitter didn’t elaborate anything on tools used accessed by the hackers or the way of hacking, Motherboard site stated that there underground hacking circles who shared screenshots of an internal company admin tool suspected of being used in the hack and takeovers. This is predicted to have been done most likely by resetting the account email addresses and then retrieving the passwords. Also, the near-simultaneous account takeovers of Presidential candidates suggests that the attackers did not directly exploit any high profile individual account owners and had very less indirect access to employee tools.
Twitter mentioned that it is at present investigating “what other malicious activity the hackers may have conducted or the information that might have been accessed and leaked. We will share more info here as we have it.”
It is theoretically possible that the hackers may get direct access to private messages, and the ones responsible for this hack have appeared to use the account takeovers as a way to promote a bitcoin scam. One such resulted in people sending nearly $120,000 worth of the cryptocurrency to the digital wallet address that is listed in nearly all of the tweets and blockchain records show.
But Twitter also says that there could also be ulterior motives more than just a cryptocurrency scam. Twitter would now face severe consequences and questions about its internal security precautions and the protection policies it has in place to prevent such an incident from happening again. It is most likely that the micro-blogging site may find itself facing government inquiries and investigations too. Twitter stated that once it received the information about the situation, it “immediately locked down the affected accounts and removed Tweets posted by the attackers.” It also took the step of disabling the ability for verified accounts to send new tweets.
“Though this step was a disruptive one, it was important to reduce the risks. Most functionality has been restored but Twitter may take further actions and will immediately update you if we do,” the Twitter update reads. “We have locked the compromised accounts and will restore access to the original account owners only when we are fully certain of their safety.” Twitter also says that it’s taken steps internally to “limit access to internal systems and tools while the investigation is on the process.”
The Motherboard site also stated that it talked to hackers who said they paid a Twitter employee to alter the email addresses of popular accounts with the internal tool so that they could then take control of those accounts. The site also shared some screenshots of the internal tool allegedly used for hacking, including a picture where viewers can see sensitive data info. Twitter is reportedly suspending all accounts that are sharing the screenshots and manually removing them for violating its policies and rules.
