Several high-profile accounts on Twitter fell victim to a hacking attack earlier on Thursday; where their accounts tweeted out a popular bitcoin scam. These accounts included those of prominent politicians including presumed democratic presidential nominee Joe Biden and former US President Barack Obama; corporations such as Apple and Uber; business executives like Warren Buffet, Bill Gates and Elon Musk; cryptocurrency exchanges such as Gemini and Coindesk and celebrities like Kanye and Kim Kardashian West.
This coordinated attack is unprecedented, and sent Twitter into a firefighting mode. In a series of tweets, Twitter acknowledged the attack and attributed the breach to be a "coordinated social engineering attack" by people who successfully targeted some of their employees with access to internal systems and tools. The tweets have since been deleted, and the accounts placed under a lockdown.
Also Read: How We Tracked Down A Fake Flipkart Racket On Facebook
Bitcoin's ledger shows that the bitcoin address tweeted by these account - that of the scammer - have obtained north of $115,000 till the publication of this story.
Here's what all we know about the attack
Who all were targeted?
A known list of victims include the verified Twitter handles of the following politicians and celebrities, corporate bosses, and companies.
What did the attack include?
The coordinated attack on Twitter hijacked these accounts, and tweeted the following message (or similar) through the compromised handles,
"I am doubling all payments sent the to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000"
BTC is the notation used to represent bitcoin as a currency (similar to what notations like INR or USD are to their respective currencies).
Further, the tweets carried a recipients bitcoin address, and all the handles compromised have similar addresses. Refer to the similarity in BTC address in the screenshots below.
How have Twitter and others responded?
Twitter Support spelt out what they knew in a series of tweet.
The company said that the attack was perpetrated by gaining access to their internal admin system, calling it a "socially engineered", adding that investigations are ongoing.
To immediately check the damages and to limit its fallout, Twitter took steps to lockdown these accounts, to restrict activities undertaken by other verified accounts even though they have have no evidence to show that they had been compromised and would only restore these accounts when it felt like it could do so securely.
Earlier, they had restricted some abilities acrosss many accounts, including the ability to change passwords and tweet, but said that most these inhibitions had been restored to a majority of accounts.
They have also made some changes internally.
Jack Dorsey, Twitter's CEO, also said that Twitter would convey any further updates.
Tyler Winklevoss, of Facebook fame, and who is the CEO of cryptocurrency exchange Gemini, also confirmed the hack and added the BTC address put out by the scammer on its blocklist, so as to their customers do not send money across.
Also Read: How Fake News Lapped Up The India-China Conflict: A BOOM Study