Twitter proved this week that a security breach can hit any company with no warning at all: it suffered its worst breach to date. On Wednesday afternoon, the verified Twitter account for Elon Musk, followed shortly by Bill Gates, started issuing tweets promoting a cryptocurrency scam. The posts asked followers to send cryptocurrency to a wallet address in exchange for a larger payback.
Shortly after the first wave, similar tweets started appearing on the accounts for Apple, Uber, Jeff Bezos, Joe Biden, Barack Obama, Kanye West, Mike Bloomberg, and many other high-profile, verified Twitter accounts. The last count of compromised accounts stood at 130.
The posts showed all the warning signs of a scam. Sadly, that did not stop multiple people from being fooled into sending money to the address. The attackers have received nearly $120,000 so far.
Initially, Twitter did not share much information publicly. In an unprecedented move, it locked verified accounts while attempting to contain the issue. Users were left to find out for themselves until the tweet below was released.
We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.
— Twitter Support (@TwitterSupport) July 15, 2020
Internal Tools Used
Some reports say the attackers took over accounts by gaining access to an internal tool used by Twitter employees. Twitter later acknowledged that multiple employees were compromised, but it has not provided more detail on how the attack happened.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
More Than A Scam?
According to Motherboard, this goes far beyond a simple social engineering attack. Allegedly, the hackers paid a Twitter employee to change the email addresses on high-profile accounts so they could take control of them. Motherboard also shared screenshots of the tool used in the attack; Twitter has suspended accounts and removed those images for violating its platform rules. One cybersecurity reporter claims the attack was pulled off by a group of SIM swappers once they had access to Twitter's internal tool.
Twitter is still investigating, so no one knows for certain that this is what happened. While the attack promoted a cryptocurrency scam, other motives may also have played a part: the list of compromised accounts includes multiple political figures, among them presidential hopeful Joe Biden. Speculative theories are now surfacing everywhere.
Some theories question whether the attackers were able to read the direct messages of each account. That possibility has caught the attention of Congress. Senator Ron Wyden stated, "If hackers gained access to users' DMs, this breach could have a breathtaking impact, for years to come." Twitter says it is still trying to find out "what other malicious activity they may have conducted or information they may have accessed." Reportedly, the FBI is also opening its own investigation into the incident.
At worst, an insider was bribed to use Twitter's internal tools on the attackers' behalf. At best, employees were socially engineered out of access to those tools. Either way, the incident is a reminder to train employees to recognize social engineering and to make sure your organization is protected against internal sabotage as well. Employees should have only the access they need to do their jobs (least privilege), and actions that can cause serious harm, such as changing the email address on a high-profile account, should require a second person's sign-off and leave an audit trail so that a single compromised or bribed employee cannot carry them out alone.
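As an added illustration (this is not Twitter's tooling and not code from the original post), the sketch below shows how an internal account-support tool might enforce those limits: each role grants only the actions that job needs, and a sensitive change to a protected account, such as replacing its email address, requires a second, distinct approver and is written to an audit log. The role names, action names, and the sample employees and accounts are assumptions made for the example.

```python
"""Least-privilege authorization with dual control for an internal support tool.

Illustrative example only; roles, actions and sample data are invented.
"""
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    VIEWER = "viewer"      # read-only access to account metadata
    AGENT = "agent"        # may change ordinary accounts
    APPROVER = "approver"  # may co-sign changes to protected accounts


@dataclass(frozen=True)
class Employee:
    username: str
    role: Role


@dataclass
class Account:
    handle: str
    email: str
    protected: bool = False  # verified or otherwise high-profile account


# What each role may do on an ORDINARY account. No role can do everything.
ROLE_PERMISSIONS = {
    Role.VIEWER: {"view_profile"},
    Role.AGENT: {"view_profile", "change_email"},
    Role.APPROVER: {"view_profile", "change_email"},
}

# On a protected account these actions need a second person to sign off.
DUAL_CONTROL_ACTIONS = {"change_email"}


class AccessDenied(Exception):
    pass


@dataclass
class SupportTool:
    audit_log: list = field(default_factory=list)

    def _record(self, actor, action, account, outcome, approver=None):
        # Every decision, allowed or denied, is logged with who asked and who approved.
        self.audit_log.append({
            "actor": actor.username,
            "approver": approver.username if approver else None,
            "action": action,
            "account": account.handle,
            "outcome": outcome,
        })

    def _deny(self, actor, action, account, reason, approver=None):
        self._record(actor, action, account, "denied: " + reason, approver)
        raise AccessDenied(reason)

    def authorize(self, actor, action, account, approver=None):
        """Return True if the action is allowed; raise AccessDenied otherwise."""
        # 1. Role check: the actor's job must include this action at all.
        if action not in ROLE_PERMISSIONS[actor.role]:
            self._deny(actor, action, account, "role lacks permission", approver)
        # 2. Dual control: protected accounts need a separate approver.
        if account.protected and action in DUAL_CONTROL_ACTIONS:
            if approver is None:
                self._deny(actor, action, account, "protected account needs an approver")
            if approver.role is not Role.APPROVER:
                self._deny(actor, action, account, "approver lacks approver role", approver)
            if approver.username == actor.username:
                self._deny(actor, action, account, "self-approval is not allowed", approver)
        self._record(actor, action, account, "allowed", approver)
        return True

    def change_email(self, actor, account, new_email, approver=None):
        self.authorize(actor, "change_email", account, approver)
        account.email = new_email
        return account.email


def demo():
    """Run a few constructed requests through the policy and return the audit log."""
    tool = SupportTool()
    alice = Employee("alice", Role.AGENT)
    bob = Employee("bob", Role.VIEWER)
    carol = Employee("carol", Role.APPROVER)
    ordinary = Account("@ordinary_user", "user@example.com")
    vip = Account("@high_profile", "vip@example.com", protected=True)

    attempts = [
        (alice, ordinary, None),  # agent edits an ordinary account: allowed
        (bob, ordinary, None),    # viewer tries to edit: denied (role)
        (alice, vip, None),       # agent alone on a protected account: denied
        (carol, vip, carol),      # approver signing off on own change: denied
        (alice, vip, carol),      # agent plus a separate approver: allowed
    ]
    for actor, account, approver in attempts:
        try:
            tool.change_email(actor, account, "new@example.com", approver)
        except AccessDenied:
            pass
    return tool.audit_log


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The point of the second check is that no single person, whether phished or bribed, can move a protected account on their own; the audit log then gives incident responders the actor, approver and outcome for every attempt, including the denied ones.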
Looking for More Tips?
Blog posts with various IT tips and news are released every Friday. We publish new episodes of Tech Tip Tuesday as often as we can. You can view previous episodes in our Tech Tip Tuesday library. Click the Sign Up or Subscribe button on this page to subscribe and receive every tip directly in your inbox each week. Pit Crew IT Services can also help your organization with any IT needs you might have. Get started with a free consultation using the button below.