The Mass Twitter Hacking

Twitter Hacking – Bill Gates, Apple, Jeff Bezos Accounts Hacked! How did it happen?

Twitter hacking – The official Twitter accounts of Microsoft co-founder Bill Gates, Amazon founder Jeff Bezos, Tesla’s Elon Musk, Kanye West and others were hijacked and taken over for a brief period of time.

Along with those Twitter accounts, several other A-list accounts, including Twitter’s very own support account and the accounts of various cryptocurrency businesses and affiliated executives, were also hijacked to promote a Bitcoin scam.

Here is what the hijacked Twitter feeds of the accounts looked like:

Twitter hacking - Screenshots of Hacked Account

It is still not clear whether this was done by a single individual or by a group. Twitter is now officially investigating the case and looking for the root cause. The tweets have since been removed, as you can see in the screenshot above. Each tweet included a BTC (Bitcoin) address for anyone who somehow believed they could double their money by sending it to the listed address and hoping for the best.

Similar solicitations appeared on the verified Twitter accounts of Binance, Coinbase, Gemini, Kucoin, Coindesk, Litecoin’s Charlie Lee and others. It was also noticed that some of the hijacked accounts had their registered email addresses changed to something else.

This suggests that someone, possibly an individual or a group of individuals, was able to get into all of these high-profile Twitter accounts, change the email addresses, potentially disable multi-factor authentication, reset the passwords, and then log in to tweet the Bitcoin-harvesting scam.

So how did this mass Twitter hacking happen?

According to Twitter’s initial investigation, it was clear that it all kicked off when one of its staff members (name not revealed) fell for a social engineering attack.

What is a social engineering attack?

In the context of information security, social engineering is a type of attack in which a person is psychologically led into performing actions that benefit the attacker. In other words, the attacker manipulates the victim through words and other means of communication in order to obtain sensitive information or access from them.

Twitter revealed its side of the story through a series of tweets, which you can read below:

According to Vice Motherboard, the hackers boasted that they paid a Twitter insider to do the work for them. You can read the full report by Vice here: “Hacker convinced twitter employee to help them Hijacked the accounts”.

What is the takeaway?

From the story above, it is quite evident that:

  • Twitter was not aware of the hijacking until the Bitcoin-harvesting scam tweets appeared on the accounts that had been taken over.
  • The social engineering attack was carried out against staff with access to internal tools, which makes it quite clear that this was Social Engineering + Spear Phishing. (Spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.) In other words, if the attackers knew which employees could access Twitter’s internal admin panel and exclusive tools, that is quite a scary thing.
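The sequence described above (registered email changed, multi-factor authentication disabled, password reset, all on many high-profile accounts in a short time) is exactly the kind of pattern an internal-tool audit log can catch before the scam tweets go out. The following is an added example, not code from the original post or from Twitter; it assumes a hypothetical audit-log line format (`timestamp operator=… action=… target=…`) and runs over constructed sample lines to flag any operator who completes the full recovery-style sequence on more than a threshold number of accounts within one time window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit-log lines from a hypothetical internal account-admin tool.
# Assumed format: "<ISO timestamp> operator=<staff login> action=<action> target=<account>"
SAMPLE_LOG = """\
2020-07-15T20:01:05Z operator=staff_a action=view_profile target=@user_1
2020-07-15T20:02:10Z operator=staff_b action=change_email target=@bigname_1
2020-07-15T20:02:40Z operator=staff_b action=disable_mfa target=@bigname_1
2020-07-15T20:03:02Z operator=staff_b action=reset_password target=@bigname_1
2020-07-15T20:05:11Z operator=staff_b action=change_email target=@bigname_2
2020-07-15T20:05:30Z operator=staff_b action=disable_mfa target=@bigname_2
2020-07-15T20:05:55Z operator=staff_b action=reset_password target=@bigname_2
2020-07-15T20:07:00Z operator=staff_b action=change_email target=@bigname_3
2020-07-15T20:07:20Z operator=staff_b action=disable_mfa target=@bigname_3
2020-07-15T20:07:45Z operator=staff_b action=reset_password target=@bigname_3
2020-07-15T21:30:00Z operator=staff_a action=change_email target=@user_2
"""

# The three actions that, together, hand an account to whoever holds the new email.
TAKEOVER_STEPS = {"change_email", "disable_mfa", "reset_password"}
WINDOW = timedelta(minutes=10)          # how close the steps must be to count as one sequence
MAX_TAKEOVERS_PER_OPERATOR = 2          # more than this many accounts per window is flagged


def parse_line(line):
    """Turn one audit line into a dict with a datetime 'ts' plus the key=value fields."""
    ts, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), **fields}


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def takeover_sequences(events, window=WINDOW):
    """Return (operator, target, start_ts) for every target on which one operator
    performed all of TAKEOVER_STEPS within `window` of each other."""
    by_key = defaultdict(list)
    for e in events:
        if e["action"] in TAKEOVER_STEPS:
            by_key[(e["operator"], e["target"])].append(e)
    hits = []
    for (operator, target), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):            # sliding window over this pair's events
            seen = set()
            for e in evs[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                seen.add(e["action"])
            if seen == TAKEOVER_STEPS:
                hits.append((operator, target, start["ts"]))
                break                              # one hit per (operator, target) is enough
    return hits


def flag_operators(events, window=WINDOW, threshold=MAX_TAKEOVERS_PER_OPERATOR):
    """Map operator -> sorted list of targets for operators who completed takeover
    sequences on more than `threshold` distinct accounts inside a single window."""
    per_operator = defaultdict(list)
    for operator, target, start_ts in takeover_sequences(events, window):
        per_operator[operator].append((start_ts, target))
    flagged = {}
    for operator, items in per_operator.items():
        items.sort()
        for i, (anchor_ts, _) in enumerate(items):
            in_window = [t for ts, t in items[i:] if ts - anchor_ts <= window]
            if len(in_window) > threshold:
                flagged[operator] = sorted(set(in_window))
                break
    return flagged


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for operator, targets in flag_operators(events).items():
        print(f"ALERT operator={operator} took over {len(targets)} accounts: {targets}")
```

A single legitimate support case can involve all three steps on one account, which is why the rule counts distinct accounts per operator per window rather than alerting on every sequence; in practice the window and threshold would be tuned against the tool's normal support volume, and verified or otherwise high-value accounts would get a lower threshold.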

Whether the attack was carried out through social engineering or through phishing, Twitter needs to improve its defenses. If, however, this turns out to have been the work of an insider, then Twitter has a huge problem going on internally that needs to be solved ASAP!