Yesterday night was interesting on Twitter. At 23:00 some strange messages began to appear on some Twitter accounts of verified people and companies of great importance worldwide. One of the first cases was that of Apple or that of the ex-president of the United States, Barack Obama. Those messages varied between accounts but they all shared one aspect: they offered an ID of a Bitcoin transaction. Some accounts offered to double the amount entered and others claimed that they had started a campaign to help in the COVID-19 pandemic. Twitter had to block tweets from verified accounts and you will have to explain what happened.
An unprecedented mass hack that has attacked great personalities
The hackers who attacked the Twitter servers last night did not care about the color, nor the race, nor the language in which they spoke, nor how important they were worldwide. The only thing they were looking for was verified accounts to achieve the greatest possible impact. Among the most important personalities that have suffered the hack is the official account of Apple, Joe Biden, Elon Musk, Bill Gates, Uber, Floyd Maywether, Jeff Bezos, Barack Obama or MrBeast.
The messages published by these people or companies were deleted minutes after being published. However, the damage was eventually done. The goal was get users to enter bitcoins in an ID that they distributed to all the hacked. In hacked accounts that had to do with cryptocurrencies like Coinbase or Gemini the impact was greater because their followers knew what was said and what they promised. The final amount received by users external to the ID published by the hackers is $ 118,297.87.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
– Twitter Support (@TwitterSupport) July 15, 2020
The role of Twitter support in all this
The attack is interesting for several reasons. First, It has been accessed through the official Twitter website. In other words, all tweets were published from the official website and not from a third-party platform. Secondly, They managed to access it even with strong passwords and two-step verification. This could be the most interesting thing. Once the hackers managed to gain control of their accounts, they ensured that they had strong passwords with two-step verification activated that they managed to skip. On the other hand, hackers changed the verification email preventing those affected could access to reset their password, allowing more control to attackers.
Finally, Twitter’s action in this situation was rapid, although explanations about what happened are still awaited. In the first minutes after the first tweets the ability to tweet from verified accounts was disabled, since they were the most affected within mass hacking. Also, disabled password reset. Regarding the origin of the hack, from @TwitterSupport they assure that it was a Coordinated engineering attack on some Twitter employees. This allowed access to internal Twitter tools and programs, taking control of verified accounts and modifying password reset data.