Twitter said late Thursday that 130 high-profile accounts were hit by a cyberattack to promote a Bitcoin scam.
“Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident,” the firm tweeted from @TwitterSupport on July 17, 2020. “For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.”
The hack on Wednesday breached the accounts of many prominent figures in business, politics and entertainment.
The Twitter accounts of Amazon CEO Jeff Bezos, Microsoft founder Bill Gates, Tesla CEO Elon Musk, US presidential candidate Joe Biden and former US president Barack Obama were compromised. Apple and Uber corporate accounts were also hit.
During the hack, the compromised accounts posted tweets urging followers to send funds to a Bitcoin wallet address, promising to double any amount received and send it back.
In earlier scams of this kind, fraudsters impersonated popular figures by copying their names and profile pictures to lure victims into sending cryptocurrency.
In Wednesday’s Bitcoin scam, the perpetrators instead posted from the genuine verified Twitter accounts themselves.
“These attackers were the equivalent of stealing a McLaren F1, taking it for a joyride and then crashing it into a telephone pole 4 minutes later,” former Facebook security chief Alex Stamos told CNBC. “There is so much more damage that could have been done.”
Reports say the hackers received more than $100,000 from hundreds of payments to three separate Bitcoin wallet addresses.
A coordinated social engineering attack
Twitter said the hack may have been a “coordinated social engineering attack” on its employees: insiders could have been tricked into giving the attackers access to internal systems and tools.
“The biggest area of risk for almost any company is the insider threat,” said Stamos. “To operate your business, you have to provide data and access to thousands and thousands of employees.”
Twitter said Thursday that it is working with the affected account owners and will continue to do so over the coming days.
“We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred,” the firm said.
Twitter has yet to reveal how much control the hackers had over the compromised profiles; the attackers might have accessed the users’ direct messages and other sensitive information.
The firm said, however, that there was no evidence the attackers used the affected accounts’ passwords.
“Currently, we don’t believe resetting your password is necessary,” it said.
The FBI has opened its own investigation into the Bitcoin scam, The Wall Street Journal reports.