Twitter was the target of a very public hack attack that’s still sending shockwaves across the internet. In what is a major security breach for Twitter, a handful of the most-followed Twitter accounts belonging to some of the world’s wealthiest individuals and companies all published a tweet asking followers to send Bitcoin with a claim offering to double their money in return.
Turns out it was a coordinated social engineering attack on Twitter’s employees that allowed the perpetrators access to company admin panels. Now, the FBI has started an investigation.
Twitter’s response a worrying five hours later was to do something few knew the company had the power to do: lock every verified account across the globe. Unfortunately.
The account freezes appeared to be a decision governed by panic. Twitter seemed to have no idea what was happening or how to stop it.
In a tweet thread posted during and after the hack attack, Twitter wrote: “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
The verified account freeze also impacted those users’ ability to reset their passwords.
The compromised accounts included Jeff Bezos, Bill Gates, Elon Musk, Bill Gates, Barack Obama, Apple, Kanye West, Joe Biden, Uber, Mike Bloomberg, Floyd Mayweather, Wiz Khalifa, and others. Twitter updated its ongoing incident report support thread Thursday evening to state that 130 accounts were affected by the attack.
Many observers immediately assumed that these high-profile accounts must have lax security standards, or don’t have two-factor enabled. However, Reuters reported that “Several users with two-factor authentication a security procedure that helps prevent break-in attempts said they were powerless to stop it.”
A Twitter spokesperson said via email, “Since July 2018 we’ve made clear that we do not shadowban.”
Twitter’s rep included a boilerplate listing Twitter policy on Trends content inclusion and exclusion, content newsworthiness, trending topic hashtag exclusion policy, and search rules and restrictions.
A different source told Motherboard the allegedly compromised Twitter employee was paid for their participation in the low-rent bitcoin scheme. “A Twitter spokesperson told Motherboard that the company is still investigating whether the employee hijacked the accounts themselves or gave hackers access to the tool,” Vice wrote.
It’s plausible that the attacker used pretexting, where they pretend to be a person with a legitimate need for access, relying on the victim’s trust and gullibility. Another possibility would be baiting, or a bait-and-switch in which the attacker might trick an employee into inserting a malicious USB stick or file into a computer to compromise it.
While this is certainly a huge black eye for Twitter, what might be more interesting to explore is what the attack tells us about who did this, and why. Which is something we’ll most likely find out, as bitcoin is not actually anonymous, and hiding the loot conversion trail is not trivial.