UPDATED 23:35 EDT / JULY 15 2020

SECURITY

Bitcoin scammers hack Twitter accounts of Obama, Biden, Musk, Bezos, Gates and more

The Twitter accounts of some of the world’s most recognizable people were hacked today by cryptocurrency scammers.

The accounts were about as high profile as it gets, consisting of people and entities mostly related to politics, tech and entertainment. The victims included: Apple Inc., Wendy’s Co., Uber Technologies Inc., Barack Obama, Joe Biden, Jeff Bezos, Elon Musk, Bill Gates, Warren Buffet, Kim Kardashian West, Mike Bloomberg, Kanye West and more high-profile figures. President Trump was not affected.

The messages that appeared on the hacked accounts were much the same, telling people that if they sent a certain amount of bitcoin to the address given, the payment would be doubled and returned. The first accounts to be hacked were ones that focus on cryptocurrency, with the high-profile figures following.

annotation-2020-07-16-100451

It was 2:45 p.m. PDT before Twitter Inc. first acknowledged the breach, saying that that it was a “security incident.” It seems that the hackers were not concerned about embarrassing any public figures, but the scale of the breach certainly left Twitter with a red face — and a lot of security experts dismayed and worried.

It’s believed that the failure was not related to the users, but to Twitter’s infrastructure. “It is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application,” said Michael Borohovski, director of software engineering at security company Synopsys.

He added that if the hackers do have access to Twitter’s back end or database, there was a potential for a huge data breach. Other security experts called it the worst hack of a major social media platform ever.

Worst still, some accounts were breached multiple times. Elon Musk’s account solicited cryptocurrency once, whereupon it was taken down, but it was taken over twice again.

“We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this,” Twitter said some time later, followed by another tweet, “Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We’re working to get things back to normal as quickly as possible.”

Finally at 5:41 p.m., Twitter in a series of tweets provided more details of the attack:

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

It’s not known how much money the attackers made from the scam, but early reports suggest they might have bagged $116, 000. That amount was increasing when last reported, but experts are saying that things could have been much worse.

Alex Stamos, director of the Stanford Internet Observatory and the former chief security officer at Facebook, told the New York Times that although the breach in itself was bad, when such high-profile names are hacked there is cause for concern. “We got lucky that this is what they decided to do with their power,” he said.

It’s the next time that security experts are more worried about.

Photo: Andreas Eldh/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and soon to be Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

We are holding our second cloud startup showcase on June 16. Click here to join the free and open Startup Showcase event.

 

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you. Thanks for taking the time to read this post. Looking forward to seeing you at the event and in theCUBE Club.