THE Twitter suffered a formidable attack on Wednesday afternoon: accounts of famous people (executives, government officials, artists, etc.) and prominent companies in the area of technology, including the Apple, were invaded by hackers still unknown. The scam is carried out by deceiving network users, who send Bitcoins to the wrongdoers hoping to receive double the amount from the people / companies in question.
In addition to Apple and Uber, for example, bill Gates, Elon Musk, Jeff Bezos, Kanye West and others have also been invaded. Most tweets (like Apple’s) have been deleted, but the invasion appears to be widespread.
The scam is being stopped quickly – but not enough to stop the invaders from earning an impressive amount of money. This page shows the amounts received by the address specified in the tweets, and indicates that the scammers have already received more than $ 100,000 – only one victim has donated more than $ 40,000 to malefactors, apparently.
There is still no information about the flaw that originated the attack, but there are indications that the invasion was initiated by hacking a Twitter employee’s control panel. The hypothesis is plausible, considering that tweets are being published via the web (attackers therefore have direct access to accounts).
The attack was initially aimed at cryptocurrency companies, but soon afterwards it also began to attack popular accounts on the network. In addition to the aforementioned profiles, accounts Warren Buffett, Joe Biden, Michael Bloomberg and the CoinDesk were also affected. The latter, specifically, claimed that his account has two-factor authentication enabled – which would theoretically hinder such an invasion, but apparently did not do much to protect the profiles.
The tweets are being deleted after publication, but they continue to appear: just now, Elon Musk’s account on the network published yet another message asking for Bitcoins, as well as that of Barack Obama and that of the Prime Minister of Israel, Benjamin Netanyahu. The attack, therefore, remains active. Twitter has yet to comment on the case, but one can imagine that the headquarters of the bird’s social network is running everywhere trying to contain the problem.
We will stay tuned and bring more information soon.
Update 07/15/2020 at 18:53
And Twitter spoke up – but without saying much:
We will continue to follow, therefore.
Update II 07/15/2020 at 19:25
Apparently, to curb the attack, Twitter took a drastic step: temporarily verified accounts no are able to make publications on the network or change their passwords. The official Twitter support account noted the limitation:
In other words: now and for the next few hours, the bird’s net will be just us, mere mortals. ?
Update III, by Eduardo Marques 07/15/2020 at 21:55
And things are getting back to normal – but they could get bad again, according to Twitter:
It is already possible to follow several tweets from verified accounts. Let’s hope that everything gets fixed as quickly as possible – and that Twitter explains exactly what happened.
Update IV, by Eduardo Marques 07/16/2020 at 00:27
Jack Dorsey, Twitter CEO, gave the following statement:
Shortly thereafter, Twitter released the following statement:
Our investigation continues, but here’s what we know so far:
We have detected what we believe to be a coordinated social engineering attack by people who have successfully reached some of our employees with access to internal tools and systems.
We know that those responsible for the attack used access to take control of high-profile (including verified) accounts and tweet on their behalf. We are investigating what other malicious activities these people may have done or information they may have had access to.
As soon as we became aware of the incident, we immediately restricted the affected accounts and removed the tweets posted by the hackers.
We also limited functionality to a larger group of accounts, such as verified (including those without evidence of being compromised), while continuing to investigate the incident broadly and completely.
This action is not trivial, but it was an important step in reducing risks. Many of the features have already been restored, but we can still take further action – we’ll let you know if it does.
We restrict compromised accounts and re-establish access to those who are entitled only when we are sure that it can be done in a completely secure manner.
Internally, we have taken important steps to limit access to systems and tools while our investigation is ongoing. We will bring updates in the course of this work.
We will see what else will emerge from this investigation.
Update V, for Rafael Fischmann 07/16/2020 at 06:21
THE VICE has already published a report with possible information on how it all happened, and the thing seems to have involved at least one Twitter employee with full access to user accounts, who changed the email addresses associated with them.
One of the crackers involved in the attack, identified as “Kirk”, appears to have earned at least $ 100,000 from transactions made via Bitcoin.
Update VI, by Rafael Fischmann 07/16/2020 at 17:44
In a new thread of tweets, Twitter said it found no evidence that the crackers involved in yesterday’s attack had access to user passwords, so there is no need for them to be reset.
Just as a precaution, what Twitter has done is to block resetting passwords on all accounts whose passwords have tried to be changed in the past 30 days.