The last week was devastating for Twitter. The giant social media platform faced a huge security breach where over 130 accounts were targeted. The security breach witnessed Twitter accounts of some of the most powerful names including those of Bill Gates, Barack Obama, Kanye West, Joe Biden, Jeff Bezos, Warren Buffet, Kim Kardashian West, Mike Bloomberg, Uber and CashApp among others. All these high-profile accounts were hacked simultaneously by attackers who used these accounts to spread cryptocurrency scams. These accounts posted a message asking their followers to make a payment to a bitcoin wallet with the claim that the amount paid will be doubled and sent back to all those who make the initial payments.
Source- Twitter Screenshot
Initially, Twitter wasn’t clear whether private data was stolen, which would include Direct Messages (DM). But today Twitter admitted that the hackers accessed DMs for 36 of the 130 targeted accounts, including one elected official in the Netherlands. Twitter scrambled to contain the unrivaled attack, which led to Twitter temporarily disallowing verified - those with blue ticks, accounts to tweet. According to the cyber security experts, it is believed attackers were able to bypass account security assuming they had gained access to Twitter’s admin tools.
As per Twitter’s latest announcement, it is unclear whether hackers simply didn’t avail the opportunity to access DMs of the remaining 94 accounts or the attack gave only access to a few DMs for some time. Besides, Twitter had also previously stated it had no evidence that user passwords were accessed by these cyber criminals.
In the light of the unprecedented incident and with everyone’s eye on its response, Twitter has managed to provide daily updates since the hack. However, with all these updates it is still unclear how attackers were able to hack through such notable verified accounts. The social media platform initially stated that hackers got through their two-factor authentication steps, yet it did not elaborate if it referred to the slack accounts or the backend accounts. As per Twitter reports, the hackers initiated a password reset for as many as 45 accounts, logged into the account, and sent new tweets to push their cryptocurrency scam. Whereas, for eight accounts, the hackers downloaded account data through the ‘Your Twitter Data’ feature available on Twitter.
According to Forbes, Coinbase said it prevented Twitter users from sending money to the hackers’ wallet address. Coinbase claims it prevented over 1,000 customers from sending $280,000 USD as a part of the cryptocurrency scam. Before Coinbase understood the scam, 14 of its users had already initiated about $3,000 worth of bitcoin transfer. However, it blocked all the transactions within the initial few minutes of the cryptocurrency scam.
For a complete crackdown of one of the biggest, in terms of the reach the hackers achieved, hacks in today’s time, we will have to wait for Twitter to share its daily updates on what it is doing to prevent such cyber attack and on unmasking these attackers.
Follow us on Facebook, & LinkedIn or Contact us. Feel free to call us 406-646-2102 or mail sales@ExcelliMatrix.com.