Pay one Bitcoin and get two back: that sounds dubious. But if the request appears on the Twitter accounts of celebrities like Barack Obama, Jeff Bezos or Elon Musk, the message sounds much more credible. The hackers' ploy.
Unknown attackers succeeded in promoting dubious cryptocurrency deals through the Twitter profiles of celebrities like ex-President Barack Obama, presidential candidate Joe Biden and Amazon CEO Jeff Bezos. Accounts of companies like Apple and Uber were also affected. Exactly how the unprecedented hack could happen was initially unclear. Many of the Twitter accounts were temporarily blocked and came back online a short time later without the obviously fraudulent messages.
According to initial findings, Twitter employees with access to internal systems were targeted in a coordinated attack. Since the beginning of the coronavirus crisis, a large proportion of Twitter employees have been working from home. At the same time, the website "Vice", citing an alleged attacker, reported that the attackers had also paid a Twitter insider for his help. The information could not initially be confirmed independently.
Twitter profiles of former New York Mayor Michael Bloomberg, rapper Kanye West, Microsoft founder Bill Gates and Tesla boss Elon Musk were also affected. The message distributed via the accounts promised to pay back double the amount of any bitcoins sent in.
What is particularly alarming about the attack is that, despite all the security precautions, the attackers succeeded in spreading their messages on a large scale via very well-protected Twitter accounts. With this access, instead of running a crude bitcoin scam, they could also have tried, for example, to manipulate stock prices via false tweets.
"We all regret that this happened," wrote Twitter chief Jack Dorsey. "A tough day for us on Twitter." As soon as they "have a better understanding" of what happened, they will inform the public as fully as possible.
Twitter popular with hackers
Twitter has had problems with hijacked accounts in the past, but never on such a broad front and with so many prominent names at once. The extent of the attack suggests that this time it was not an app linked to Twitter accounts that was used, as in previous cases, but that Twitter's own systems could be directly affected. The company said it was investigating the incident. In the near future, users could have problems posting tweets or changing their password, the company warned.
The celebrity accounts are likely to be protected with complex passwords and so-called two-factor authentication, which also requires a freshly sent code to log on to a new device. The fact that it was still possible to send messages on behalf of the celebrities raises serious questions about Twitter's security measures, especially less than four months before the US presidential election. The account of US President Donald Trump, for whom Twitter is a central communication channel, was not affected. Cryptocurrency worth over $100,000 was quickly sent to a Bitcoin account mentioned in the tweets.
Twitter had further tightened security after unknown attackers posted messages via CEO Jack Dorsey's account less than a year ago. The service said at the time that its systems had not been hacked, but that a security hole at Dorsey's mobile operator had allowed the tweets to be sent via SMS. Most recently, a group called "OurMine" managed to post to the accounts of several American football teams in late January. The aim was to show that "everything can be hacked," it said at the time.