On Wednesday 14th of July 2020, Twitter experienced its most disastrous breach yet as hackers infiltrated dozens of verified accounts, including those of Amazon CEO Jeff Bezos, Elon Musk, Bill Gates and Barack Obama, in what Twitter has labelled a “coordinated social engineering attack”. The hackers shared posts from these high-profile accounts asking followers to send cryptocurrency to a specific bitcoin wallet with the incentive of receiving double the money in return. As the scam spread across the platform, the hackers were reported to have siphoned more than $118,000 from Twitter users.
While they are likely to have made a significant profit, cyber-criminals have a reputation for adding to their own Bitcoin wallets to give the scam a facade of legitimacy, so such deposits could account for part of the reported figures.
Twitter is regularly used by authorities, governments and public figures to share official information. A platform with such high-profile users and widespread influence must be strict about security. This incident certainly highlights the power of social media platforms and how critical it is that they are secure and protected from attackers. The events of this breach draw attention not only to potential security vulnerabilities of Twitter but also to the fact that many followers trust posts from verified users, which affects their ability to detect scams from accounts they consider reliable.
While there have been plenty of scams on Twitter over the years, there has never been anything quite on this scale before. Whether this means it was a rare occurrence unlikely to happen again remains to be seen, but Twitter is sure to put new measures in place to prevent an event like this from happening again.
How did Twitter get hacked?
Twitter stated that they believe the hack was carried out “by people who successfully targeted some of [Twitter’s] employees with access to internal systems and tools.” Twitter employees with access to these tools can reset the email addresses of accounts, so when the hackers attacked, they had the power at their fingertips to do a great deal of damage.
CEO Jack Dorsey has said, “We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”
It has also been revealed that once the team at Twitter became aware of the attack, they “locked down the affected accounts and removed Tweets posted by the attackers” as well as limiting verified users’ ability to post in case their accounts were hacked next. Twitter later updated users to say that the account restrictions should have been lifted.
What was the motive?
The attack appears to have had the sole aim of collecting as much money as possible in a short time frame. You can tell this from the suspicious nature of the same or very similar posts being shared across different verified accounts. If they wanted to run a more sophisticated and potentially longer-lasting scam, they would have been much more subtle and authentic in their approach. They went for what is known as a “smash and grab” operation that worked well enough to generate hundreds of contributions.
What happens next?
With an investigation underway, Twitter will likely spend the next few days looking into how the attack happened and how to mitigate similar breaches. It is also likely that a criminal investigation will be carried out, but whether the culprits can be traced and identified is uncertain.
To reassure users and protect the company’s reputation, Twitter must be as transparent as possible about what took place and how they will ensure it doesn’t happen again.