Several Twitter accounts of high-profile Americans were taken over on 15 July and used to direct followers of billionaires and politicians to send cryptocurrency to a Bitcoin wallet. The tweets also promised that anyone sending the money would receive double their contribution in return.
Appropriated accounts included those of U.S. presidential candidate Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, Kanye West, former U.S. President Barack Obama, Uber, and Apple.
Although Twitter removed the messages by Wednesday afternoon, shortly after they were posted, some accounts, including those of Musk and West, reposted new messages with the same request once the old ones were deleted, according to The New York Times.
By Wednesday evening, the scam had generated roughly $118,000 through more than 300 transactions, according to blockchain records.
Along with taking down the fraudulent messages, Twitter shut down part of its network to address the scam, which for a few hours included the ability of verified users to send out tweets.
The requests were a variation of a scam where someone poses as a known public figure on social media, promising to match or double any funds sent to their cryptocurrency accounts. This instance was the first time that the actual accounts of real public figures were used.
Twitter said the breach was accomplished through a coordinated social engineering attack targeting the company’s employees instead of the public figures. Such attacks convince people to disclose their credentials.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
After the attacker or attackers had access to employees’ credentials, Twitter’s internal systems were used to tweet from the accounts. In a Vice article, a Twitter employee claims to have been partly responsible for providing the attackers with access to part of Twitter's system after being paid off.
According to the Times article, the attack’s nature and focus on financial gain “led American intelligence agencies to an initial assessment that this was most likely the work of an individual hacker, not a state.”
Security experts noted that the outcome could have been much worse had a more ambitious or state attacker from North Korea, Russia, China, or Iran taken advantage of this suspected security flaw in Twitter’s system. World and business leaders’ accounts can be socially influential, can sway the stock market, and can alert users to upcoming changes in government.
“The real fallout came as business leaders, politicians, and everyday users realized that their chosen network for real-time information is even more vulnerable to being hijacked than they thought,” Axios wrote.
The Washington Post’s Technology 202 section noted that, “If hackers gained similar access in November, they could disrupt voting by pushing voter fraud or planting false information about polling locations being impacted by the coronavirus.”
Twitter is likely to see additional scrutiny in the wake of this breach. Technology 202 added that the company is currently under an order with the U.S. Federal Trade Commission due to a privacy settlement.
“Depending on the circumstances that caused this breach, the agency may move to open an investigation into whether the company violated the terms of that agreement,” Technology 202 reported.
Another bit of collateral damage from the breach was the National Weather Service, which, as a verified user, was unable to tweet out a tornado warning affecting parts of the U.S. state of Illinois.
Again...NWS Lincoln, IL can’t tweet right now because of the Twitter lock of verified accounts. What a mess. There is a tornado warning in effect. https://t.co/9Ft705qfMB pic.twitter.com/eS3kynJtey
— Derrick Snyder (@Derrick_Snyder) July 15, 2020