A coordinated takeover has affected multiple prominent Twitter accounts, including those of individuals like Bill Gates, Barack Obama and Elon Musk, and organisations such as Apple and Uber. Rather than being a hack by malicious outsiders, the attack has been traced back to a compromised Twitter employee.
Tweets from the various accounts encouraged people to send Bitcoin to a specific address, with the promise of doubling it in return.
A source told Vice, "We used a rep that literally done [sic] all the work for us." Another source said they got the insider on board by paying them.
In a series of tweets, Twitter itself said that the social engineering attack compromised multiple employees. Its first message states, "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools." (Twitter Support, @TwitterSupport, July 16, 2020)
Social engineering - targeting humans rather than software and systems - is a basic but widespread type of attack. The Twitter employees apparently had access to an internal tool that allowed them not only to reset users' passwords, but also to change the email address associated with an account. Screenshots of the tool have been circulating online since the hack.
Websites like Twitter have a wide audience and are full of influential figures - including celebrities, politicians and business leaders. Even discounting the ability to steal money, hackers who successfully compromise social media accounts can cause major disruption on an international level. It is important that all companies - but especially those in the technology space - ensure that employees, as well as systems, are protected.