on fire after it suffered one of the biggest cyberattacks in its history[1].
A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple, were breached simultaneously in what appears to be the largest hacking campaign yet carried out to promote a cryptocurrency scam.
The broadly targeted hack posted similarly worded messages urging millions of followers to send money to a specific bitcoin wallet address in return for a larger payback.
“Everyone is asking me to give back, and now is the time,” a
tweet from Mr Gates’ account said. “You send $1,000, I send you
back $2,000.”
Twitter described the security incident as a “coordinated social engineering attack” against employees with access to its internal tools.
At the time of writing, the scammers behind the operation had amassed nearly $120,000 in bitcoin[2], suggesting that unsuspecting users have indeed fallen for the fraudulent scheme.
“We detected what we believe to be a coordinated social
engineering attack by people who successfully targeted some of our
employees with access to internal systems and tools,” the company
said in a series of
tweets[3].
“Internally, we’ve taken significant steps to limit access to
internal systems and tools while our investigation is ongoing.”
(Embedded tweet: The Hacker News (@TheHackersNews), July 15, 2020[4])
It’s not immediately clear who was behind the attack, or whether the attackers also had access to direct messages sent to or from the affected accounts.
The attack appears to have been initially directed against
cryptocurrency-focused accounts, such as Bitcoin, Ripple, CoinDesk,
Gemini, Coinbase and Binance, all of which were hacked with the
same message:
“We have partnered with CryptoForHealth and are giving back 5000
BTC to the community,” followed by a link to a phishing website
that has since been taken down.
Following the tweets, the accounts for Apple, Uber, Mike Bloomberg,
and Tesla and SpaceX CEO Elon Musk all posted tweets soliciting
bitcoins using the exact same Bitcoin address as the one included
on the CryptoForHealth website.
Although the tweets from the compromised accounts have been
deleted, Twitter took the extraordinary step of temporarily
stopping many verified accounts marked with blue ticks from
tweeting altogether.
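The observable signature of the campaign described above is a single payment address fanning out across many high-profile accounts within minutes, which Twitter answered with the blunt measure of silencing every verified account. A narrower detection, written here as an added example and not Twitter’s own tooling: group posts by the bitcoin address they contain, validate the address checksum (Base58Check for legacy 1.../3... addresses, bech32/bech32m for bc1... addresses) so mistyped lookalikes do not inflate the count, and alert when the same address is posted by several distinct accounts inside a short window. The account names, timestamps, post texts, thresholds and the placeholder address are all constructed; the real scam wallet is not reproduced.

```python
"""Flag a coordinated crypto-giveaway scam: one bitcoin address posted by many
distinct accounts within a short window.  Added example, not Twitter's code.
All accounts, timestamps, texts and the placeholder address are constructed."""
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
# Legacy 1.../3... (base58) and bc1... (bech32, either case) address shapes.
ADDR_RE = re.compile(
    r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|(?:bc1|BC1)[02-9ac-hj-np-zAC-HJ-NP-Z]{6,87})\b")


def base58check_ok(addr: str) -> bool:
    """True if addr decodes to version+hash160+checksum (25 bytes) with a valid
    double-SHA256 checksum, i.e. it is a real legacy address, not a lookalike."""
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    leading = len(addr) - len(addr.lstrip("1"))       # each leading '1' encodes a 0x00 byte
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    raw = b"\x00" * leading + body
    if len(raw) != 25:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return digest[:4] == raw[21:]


def bech32_ok(addr: str) -> bool:
    """BIP173/BIP350 checksum check for mainnet bc1 addresses (segwit v0 and v1+)."""
    if addr not in (addr.lower(), addr.upper()):      # mixed case is invalid
        return False
    hrp, sep, data = addr.lower().rpartition("1")
    if not sep or hrp != "bc" or len(data) < 6 or any(c not in BECH32 for c in data):
        return False
    values = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    values += [BECH32.index(c) for c in data]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate((0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)):
            if (top >> i) & 1:
                chk ^= g
    return chk in (1, 0x2BC830A3)                      # bech32 const, bech32m const


def valid_address(addr: str) -> bool:
    return bech32_ok(addr) if addr.lower().startswith("bc1") else base58check_ok(addr)


def detect_campaigns(posts, window=timedelta(minutes=30), min_accounts=3):
    """posts: iterable of (timestamp, account, text).  Returns {address: sorted accounts}
    for every valid address posted by >= min_accounts distinct accounts inside `window`.
    The window and account threshold are assumed values, to be tuned against baseline traffic."""
    seen = defaultdict(list)                           # address -> [(timestamp, account)]
    for ts, account, text in posts:
        for addr in ADDR_RE.findall(text):
            if valid_address(addr):
                seen[addr].append((ts, account))
    hits = {}
    for addr, events in seen.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            accounts = {acct for ts, acct in events[i:] if ts - start <= window}
            if len(accounts) >= min_accounts:
                hits[addr] = sorted(accounts)
                break
    return hits


# Constructed sample feed.  SCAM is a well-known valid legacy address used only as a
# checksum-passing placeholder; it is not the wallet from the real incident.
SCAM = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
T0 = datetime(2020, 7, 15, 20, 0)
SAMPLE_POSTS = [
    (T0, "bitcoin", f"We have partnered with CryptoForHealth and are giving back 5000 BTC. Send to {SCAM}"),
    (T0 + timedelta(minutes=4), "coindesk", f"Giving back to the community: {SCAM}"),
    (T0 + timedelta(minutes=9), "binance", f"You send $1,000 to {SCAM}, we send back $2,000"),
    (T0 + timedelta(minutes=11), "gemini", f"Double your BTC today {SCAM}"),
    (T0 + timedelta(minutes=15), "typo_account", "Send to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"),  # bad checksum
    (T0 + timedelta(hours=3), "merchant", "Tips: bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"),  # one account only
]

if __name__ == "__main__":
    for addr, accounts in detect_campaigns(SAMPLE_POSTS).items():
        print(f"ALERT: {addr} posted by {len(accounts)} accounts: {', '.join(accounts)}")
```

With the sample feed, only the shared legacy address fires; the mistyped copy is dropped by the checksum and the lone bc1 address never reaches the account threshold. The point of the design is that an alert keyed on the shared address identifies exactly the accounts emitting it, so a platform could pause those rather than every verified account.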
Account hijacks on Twitter have happened before, but never at this scale, leading to speculation that the hackers obtained a Twitter employee’s administrative access[5] to “take over a prominent account and tweet on their behalf” without knowing the victims’ passwords or two-factor authentication codes. An internal tool with that capability sits outside the account’s own authentication, so strong passwords and 2FA on the targeted accounts would not have prevented the takeover.
Security researchers also found that the attackers had not only taken over the victims’ accounts but also changed[6] the email address[7] associated with each account, making it harder for the real user to regain access.
Last year, Twitter chief executive Jack Dorsey’s account was hacked in a SIM swapping attack[8] that allowed an unauthorized third party to post tweets via text messages[9] from his phone number. Following that incident, Twitter discontinued the feature[10] for sending tweets via SMS in most countries earlier this year.
Given the widespread scope of the campaign, the damage could have been far more catastrophic. But the adversaries’ apparent motive all but indicates this was a quick money-making scam[11].
“The accounts appear to have been compromised in order to
perpetuate cryptocurrency fraud,” the FBI’s San Francisco field
office said in a statement[12]. “We advise the public
not to fall victim to this scam by sending cryptocurrency or money
in relation to this incident.”
References
[1] biggest cyberattacks in its history (twitter.com)
[2] $120,000 in bitcoins (www.blockchain.com)
[3] series of tweets (twitter.com)
[4] July 15, 2020 (twitter.com)
[5] administrative access (twitter.com)
[6] changed (twitter.com)
[7] email address (twitter.com)
[8] SIM swapping attack (thehackernews.com)
[9] post tweets via text messages (twitter.com)
[10] discontinued the feature (twitter.com)
[11] money-making scam (www.fbi.gov)
[12] statement (www.bbc.com)
Read more http://feedproxy.google.com/~r/TheHackersNews/~3/siWihZWg4Lo/verified-twitter-hacked.html