Los Angeles Times

High-profile Twitter users’ accounts taken over in bitcoin scam.

Verified accounts are briefly muted as scam takes over feeds of Musk, Biden, others.

- By Sam Dean and Jeff Bercovici

The attack announced itself one account at a time. Elon Musk. Kanye West. Bill Gates. Joe Biden. Barack Obama. Within a span of minutes Wednesday, some of social media’s biggest power users posted near-identical messages soliciting bitcoin payments with an offer to pay back twice as much.

As more and more giant accounts chimed in — Warren Buffett, Jeff Bezos, Apple — it quickly became apparent the tweets were part of a coordinated attack, although it wasn’t immediately clear who was behind it, how it was perpetrated or whether it had a purpose beyond bilking some gullible Twitter users out of cryptocurrency.

By late afternoon, with the scam having already extracted more than $100,000 in cryptocurrency, Twitter determined the only way to protect its most prominent users was to silence them, at least temporarily. “We are aware of a security incident impacting accounts on Twitter,” the company tweeted. “We are investigating and taking steps to fix it.”

Among those steps was blocking accounts of verified users — a group that includes most celebrities, news organizations and major brands — from tweeting.

Social media has often been styled a great equalizer, a tool that gives nobodies the kind of broadcasting power once limited to presidents and sports stars. In reality, internet fame has mostly served to amplify the voices of the already famous.

But for the two hours before Twitter restored tweeting privileges to so-called blue checkmarks (the badge indicating an account is verified), the timelines belonged to the little people. Meanwhile, massive accounts such as NBC News, with followings in the millions, were left to tweet from alternate or temporary handles to cover the story of the hack.

Twitter, which saw its shares decline as much as 3.8% after the market closed, blamed “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

“Tough day for us at Twitter,” Chief Executive Jack Dorsey tweeted. “We all feel terrible this happened.”

“This is definitely one of the largest hacks of high-profile accounts on a single day that I can remember,” said Theresa Payton, former White House chief information officer and now chief executive of Fortalice Solutions, a cybersecurity consulting firm.

The effect on Twitter’s reputation will depend on how the company follows up, she said. Beyond repaying anyone who fell victim to the bitcoin fraud, Payton said the company owed a complete investigation to the people whose accounts were hacked, adding that the bitcoin scam messages could be just the most obvious sign of malicious activity.

They also serve as a wake-up call. “If today had been a week before the presidential election and the accounts of Bill Gates and Barack Obama and Joe Biden were taken over and they said something completely outrageous, that could have had an impact on the psyche of voters going into the voting booths,” Payton said.

Twitter users have been subject to hacks before.

A 2013 hack gave attackers access to 250,000 users’ email addresses and usernames, and in 2016 news outlets reported that 32 million users’ login credentials had been hacked and posted online, but the accuracy of the compromised data came under dispute.

Targeted hacks of major accounts have also plagued the site over the years. In 2011, Fox News’ Twitter account was taken over to tweet false news that President Obama had been assassinated.

Similar hacks occurred in 2013, when the accounts of Burger King and Jeep were taken over to tweet that they were being acquired by McDonald’s and Cadillac, respectively. That year, Twitter added two-factor authentication, which requires users who enable it to verify their identity with a phone number.

Although that measure improved security for accounts that enabled it, hackers were able to take over the account for the U.S. military’s Central Command in 2015 to tweet pro-Islamic State messages and hints they had access to military documents and private information on military personnel.

The highest-profile hack in recent memory came in the summer of 2019, when Dorsey’s account was taken over and used to retweet pro-Nazi and hacking-related tweets.

Twitter has also faced a number of cryptocurrency-related hacks. In 2017, controversial antivirus and cryptocurrency entrepreneur John McAfee saw his account hacked and used to promote obscure cryptocurrencies, and in 2018 hackers took control of Target’s Twitter account to tweet a bitcoin scam.

In 2017, a contract worker in Twitter’s Trust & Safety division used his access to briefly deactivate the personal account of President Trump. After restoring Trump’s account, Twitter said it had put in place additional safeguards “to prevent this from happening again.”

Trump’s account was not among those compromised in Wednesday’s attack.
