Twitter suffered a major security breach on Wednesday as hackers accessed its internal systems to hijack the accounts of some prominent figures, including US presidential candidate Joe Biden, former American President Barack Obama and billionaire Elon Musk, as well as those of Apple and Uber, and used them to solicit digital currency.
Other compromised accounts include those of Kanye West, reality TV star Kim Kardashian, Michael Bloomberg, Microsoft co-founder Bill Gates, Amazon CEO Jeff Bezos and a number of cryptocurrency exchanges or organizations.
Hijacked accounts posted scam tweets soliciting bitcoin transfers from followers. According to reports, the hackers have “so far succeeded in getting over $50,000 in Bitcoin transfers”.
Twitter confirmed the breach more than six hours after the hack began and attributed it to a “coordinated social engineering attack” on its own employees that enabled the hackers to access “internal systems and tools”.
As Twitter investigates what appears to be the largest and most coordinated hack in Twitter’s history, the company said, “We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it”.
“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing,” Twitter said in a series of tweets.
The compromised accounts, which count tens of millions of followers, sent a series of tweets proposing a classic bitcoin scam. Followers were told that if they transferred cryptocurrency to a specific bitcoin wallet, they would receive double the money in return.
Reportedly, some were duped, sending Bitcoin payments and expecting a doubled return that never arrived.
As the security breach came to light, Twitter, in an extraordinary measure, disabled the ability to tweet from validated accounts for about two hours.
A tweet that appeared on Elon Musk’s Twitter feed read: “Happy Wednesday! I am giving back Bitcoin to all of my followers. I am doubling all payments sent to the Bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back!” The offer was valid “only for 30 minutes”, the post read, news agency AFP reported.
A similar tweet was seen on Joe Biden’s handle which read, “I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes…Enjoy! (sic.)”
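The two tweets quoted above follow one template: a "giving back" pitch, a promise to double whatever is sent, a short deadline, and a cryptocurrency address. The following is an added example, not code from the article or from Twitter, showing how a trust-and-safety or SOC team could score post text against those signals to flag a doubling scam for review. The regexes, the signal names and the threshold are this example's own choices, and the address in the sample data is a constructed base58-shaped placeholder, not a real wallet.

```python
import re

# Constructed placeholder with the shape of a legacy Bitcoin address; not a real wallet.
FAKE_BTC_ADDRESS = "1ExampAddrFakeXXXXXXXXXXXXXXXXXXXX"

# Each signal is one ingredient of the "send X, get 2X back" template.
# Address pattern is approximate (legacy base58 or bech32 shape), good enough for triage.
SIGNALS = {
    "address": re.compile(
        r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})\b"),
    "doubling": re.compile(r"\b(?:doubl(?:e|ed|ing)|2x)\b", re.I),
    # "only for 30 minutes", "only doing this for 30 minutes", "next 2 hours"
    "urgency": re.compile(
        r"\b(?:only|next)\b.{0,20}?\b\d+\s*(?:minutes?|mins?|hours?)\b", re.I),
    # "send ... BTC" or "Bitcoin ... sent", in either order
    "payment_ask": re.compile(
        r"\b(?:send|sent)\b.*?\b(?:btc|bitcoin|eth|crypto)\b"
        r"|\b(?:btc|bitcoin|eth|crypto)\b.*?\b(?:send|sent)\b", re.I | re.S),
    "giveback": re.compile(r"\bgiv(?:e|ing)\s+back\b", re.I),
}

SCAM_THRESHOLD = 3  # number of independent signals before a post is flagged


def score_tweet(text: str) -> dict:
    """Return which scam signals fire on `text` and how many."""
    hits = [name for name, rx in SIGNALS.items() if rx.search(text)]
    return {"signals": hits, "score": len(hits)}


def is_scam(text: str, threshold: int = SCAM_THRESHOLD) -> bool:
    """True when enough template signals co-occur in one post."""
    return score_tweet(text)["score"] >= threshold


# Constructed sample posts: two modelled on the hijacked-account tweets, two benign.
SAMPLE_TWEETS = {
    "hijacked_musk": (
        "Happy Wednesday! I am giving back Bitcoin to all of my followers. "
        "I am doubling all payments sent to the Bitcoin address below. "
        "You send 0.1 BTC, I send 0.2 BTC back! Only for 30 minutes. "
        + FAKE_BTC_ADDRESS),
    "hijacked_biden": (
        "I am giving back to the community. All Bitcoin sent to the address "
        "below will be sent back doubled! If you send $1,000, I will send back "
        "$2,000. Only doing this for 30 minutes. Enjoy! " + FAKE_BTC_ADDRESS),
    "benign_launch": "Excited for the product launch next week. Tune in at 10am!",
    "benign_market": ("Bitcoin fell 6% today. We'll send our market update "
                      "in a few minutes."),
}


def triage(samples: dict = SAMPLE_TWEETS) -> dict:
    """Score every sample and return {label: (score, flagged)}."""
    return {label: (score_tweet(t)["score"], is_scam(t))
            for label, t in samples.items()}


if __name__ == "__main__":
    for label, (score, flagged) in triage().items():
        print(f"{label:15s} score={score} flagged={flagged}")
```

The benign market post still trips the `payment_ask` signal on its own, which is why the check requires several signals to co-occur rather than any single one; a mention of Bitcoin, a countdown or even an address is ordinary on a public timeline, while the full combination almost never is.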
Meanwhile, the scammer’s website was quickly pulled offline. Kristaps Ronka, chief executive of Namesilo, the domain registrar used by the scammers, told TechCrunch that the company suspended the domain “on the first report” it received.
Security researchers found that the attackers had fully taken over the victims’ accounts, and had also changed the email address associated with each account to make it harder for the real user to regain access.
(With agency inputs)