The unprecedented hack that hijacked the Twitter accounts of world leaders, business executives, artists, and top cryptocurrency exchanges was the work of a hacker who gained access to the social network through a company employee’s account, it was revealed late Thursday night.
According to reports from Vice, TechCrunch and Business Insider, the hack, which began late Wednesday afternoon and threw the social media giant into disarray, was less a high-tech hijacking than the result of individual efforts. The attack allegedly began on OG Users, a forum devoted to buying and selling prestigious Twitter usernames, where a user named “Kirk” asked for help selling some stolen usernames. “Kirk” was eventually able to gain access to a central Twitter administrative tool that allowed them to control a large number of accounts.
The company says the attackers used this tool to target around 130 high-profile accounts. “For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts,” the company wrote in a late Thursday update.
Those tweets together promoted a scam that netted about $130,000 in bitcoin in just a few hours.
Those hacked include former President Barack Obama, Amazon CEO Jeff Bezos, former Vice President and Democratic presidential nominee Joe Biden, Kanye West, former New York City mayor Mike Bloomberg, and Tesla CEO Elon Musk. The attack also took over the accounts belonging to some of the biggest bitcoin and cryptocurrency websites, including Coinbase and Coindesk.
Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.
— Twitter Support (@TwitterSupport) July 17, 2020
The company hasn’t commented on the reports by Vice, Business Insider and TechCrunch, but it has moved swiftly to remove screenshots of the internal administration tool that was compromised. A centralized dashboard that lets internal Twitter employees control a large number of accounts is a single point of compromise, potentially leaving the company vulnerable to more wide-scale hacks.
Twitter was in disarray on Wednesday as one big celebrity after another posted the same two-for-one bitcoin offer. Beginning with Elon Musk at around 4 PM EST, the tweets said “I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000.”
The accounts that posted the message were quickly locked, and soon after, all verified Twitter accounts were prevented from tweeting. In many cases, users had to reset their passwords, and some verified Twitter users are still locked out of their accounts. Legislators on both sides of the aisle in Congress have called for investigations, including members of the Senate Select Committee on Intelligence.
“The ability of bad actors to take over prominent accounts, even fleetingly, signals a worrisome vulnerability in this media environment, exploitable not just for scams but for more impactful efforts to cause confusion, havoc and political mischief,” Senator Mark Warner (D-VA), the vice chair of the committee, wrote on Thursday.
It is still unclear how exactly the hackers got access to the internal administrative tool. An insider’s access was compromised, but whether that employee cooperated willingly or was themselves a victim remains uncertain, at least publicly.