Barack Obama, Elon Musk and Jeff Bezos suddenly promised on Twitter to pay back double any bitcoins sent to them. A fake. Never before have so many celebrity accounts been misused. This raises questions about Twitter’s security measures.
In an unprecedented hacker attack on Twitter, unknown attackers were able to promote Bitcoin scams through the profiles of celebrities like ex-President Barack Obama and Amazon CEO Jeff Bezos. Twitter promised to clarify whether the attackers could also gain access to information from the affected accounts.
According to initial information from Twitter, employees with access to internal systems were targeted in a coordinated attack. Since the beginning of the coronavirus crisis, a large proportion of Twitter employees have been working from home. At the same time, the website “Vice”, citing an alleged attacker, reported that they also paid a Twitter insider for his help. The information could not initially be confirmed independently.
The message distributed via the accounts on Wednesday promised to pay back double any bitcoins sent in. Profiles of Democratic presidential candidate Joe Biden, former New York Mayor Michael Bloomberg, rapper Kanye West, Microsoft founder Bill Gates and Tesla boss Elon Musk were also misused. The account of US President Donald Trump, for whom Twitter is a central communication channel, was not affected.
What is particularly alarming about the attack is that, despite all the security precautions, the attackers succeeded in spreading their messages on a large scale via very well-protected Twitter accounts. With this access, they could also have tried, for example, to manipulate stock prices via false tweets instead of running a crude bitcoin scam.
“We all regret that this happened,” wrote Twitter chief Jack Dorsey. “A tough day for us on Twitter.” As soon as the company had “a better understanding” of what had happened, the public would be informed as much as possible.
Many of the Twitter accounts were temporarily blocked, but were back online a short time later without the fraudulent messages. For the most part, verified Twitter profiles could not tweet for several hours because the service wanted to stop the Bitcoin scam from spreading further. Cryptocurrency worth over $100,000 was quickly sent to a Bitcoin account mentioned in the tweets.
Twitter has had problems with hijacked accounts in the past, but never on such a broad front and with so many prominent names at once. The extent of the attack already suggested that this time the attackers had not gone through an app linked to Twitter accounts, as in previous cases, but had used Twitter’s own systems directly.
The celebrity accounts are likely to be protected with complex passwords and so-called two-factor authentication, which additionally requires a freshly sent code to log in from another device. However, these security precautions could evidently be bypassed by accessing Twitter systems.
Twitter had further tightened security after unknown attackers posted messages via CEO Jack Dorsey’s account almost a year ago. The service said at the time that its systems had not been hacked, but that a security vulnerability at Dorsey’s mobile operator had allowed the tweets to be sent via SMS. Most recently, a group called “OurMine” managed to post to the accounts of several American football teams at the end of January. The aim was to show that “everything can be hacked,” it said at the time.