Several prominent personalities, including Amazon chairperson Jeff Bezos, Microsoft co-founder Bill Gates, and former US President Barack Obama, were targeted by hackers on Twitter in an apparent Bitcoin scam. Twitter accounts of US Election 2020 candidates, including Joe Biden, Mike Bloomberg, and Kanye West, were hacked as well. Accounts of Warren Buffett, Elon Musk, Apple Inc, Kim Kardashian, and Uber were also hacked in this high-profile breach.
A tweet requesting donations in cryptocurrency was posted from all these accounts.
For instance, Gates' tweet read like this, "Everyone is asking me to give back, and now is the time. I am doubling all payments sent to BTC address for the next 30 minutes. You send $1,000, I send you back $2,000".
A tweet from Bezos' official Twitter account said, "All Bitcoin sent to my address below will be sent back doubled, I am only doing a maximum of $50,000,000".
The tweets were deleted minutes after they were first posted. The Biden campaign said Twitter had "locked down the account within a few minutes of the breach and removed the related tweet".
Later, Twitter CEO Jack Dorsey said, "Tough day for us at Twitter. We all feel terrible this happened". Dorsey added, "We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened".
Tough day for us at Twitter. We all feel terrible this happened.
We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right. - jack (@jack) July 16, 2020
The Twitter Support team also tweeted that users "may be unable to tweet or reset your password while we review and address this incident".
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly. - Twitter Support (@TwitterSupport) July 15, 2020
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely. - Twitter Support (@TwitterSupport) July 16, 2020
We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this. - Twitter Support (@TwitterSupport) July 16, 2020
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. - Twitter Support (@TwitterSupport) July 16, 2020
"This appears to be the worst hack of a major social media platform yet," said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike. Some experts told Reuters that it seemed probable that hackers had access to Twitter's internal infrastructure.
"It is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application," said Michael Borohovski, director of software engineering at security company Synopsys. "If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction," he said.