wordpress blog stats
Connect with us

Hi, what are you looking for?

, , ,

Prominent Twitter accounts hacked using company’s own tool

Throughout Wednesday night, multiple high-profile Twitter accounts, including those of Apple, Bill Gates, Elon Musk, Warren Buffett, Joe Biden, Kim Kardashian West and Barack Obama were compromised. The accounts were then used to post cryptocurrency scams soliciting money for a supposed payoff. Vice reported, and Twitter later confirmed, that the attack was caused by attackers gaining access to an internal tool at Twitter that let them take control of high-profile handles. One individual claiming to be behind the attack told Vice that they paid an insider at Twitter to gain access to the account.

Such high profile accounts all getting hit at the same time was highly unusual — even accounts belonging to cryptocurrency accounts like Bitcoin’s official handle were taken over to display the messages, TechCrunch reported, lending the scam more credence. A Twitter spokesperson directed us to this thread in response to our queries on how long it took the company to take action and what would be the consequences for the employees whose access was compromised to execute the hack. Twitter took over two hours to issue a statement on the compromised accounts.

An example of what compromised accounts posted.

Internal Twitter tool used for compromise

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said. The company then locked all accounts that were impacted by the hack, and limited features for all verified accounts as it looked into how the hack occurred. CNN Business reported that a single address was said to have received over $100,000 following the scam. A record of the wallet shows that this one address has received the equivalent of over US$116,000 so far.

When Twitter accounts have been compromised in the past, incidents were individual in nature, sometimes because of password reuse on some accounts. But this scam essentially reassigned accounts to the attacker’s email address, effectively handing them access to the account for no fault of the compromised users. While a domain name, cryptoforhealth.com, used for the scam was taken down by its registrar, per TechCrunch, the attackers switched to directly posting a Bitcoin wallet address, which is much more difficult to attribute to its owner, let alone shut down. Twitter has been taking down screenshots of the tool the attackers took advantage of, per CNET.

This isn’t the first time such a high-profile security incident has occurred on Twitter because of its own internal tools. In 2017, a customer support employee on his last day of work deleted US President Donald Trump’s account from the service. Trump’s account was not impacted in the Wednesday incident, but he was, like all verified users, locked from posting tweets for a brief period. In 2019, Wired reported that two Twitter employees had been spying on users using their privileged access on behalf of Saudi Arabia.

Written By

I cover the digital content ecosystem and telecom for MediaNama.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.

News

Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

News

This article addresses the legal and practical ambiguities in understanding the complex crypto ecosystem in India.

News

It is widely argued that the PDP Bill report seeks to discard the intermediary status of social media platforms but that may not be...

News

Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ