An apparent cryptocurrency strategy that bombed Twitter Wednesday saw the accounts of high - profile marque , crypto exchange , businesspeople , celebrities , and politicians compromised in anunprecedented hackthat raises serious concern about the security measure flaws of the chopine and what selective information could have been jeopardize in the incident . Right now , details about the specifics of the hack are limited , but here ’s what we do it .
Beginning later Wednesday , a number ofverified Twitter accountsbegan pinch similar messages : institutionalize Bitcoin to a digital billfold , and the someone or bill would fool back double the amount . It ca n’t be understated how far - reaching the crypto cozenage was in terms of its targets . The verified account of Apple , former President Barack Obama , presumptive Democratic presidential campaigner Joe Biden , so - declare presidential bright Kanye West , Bill Gates , Jeff Bezos , Elon Musk , Kim Kardashian West , and Warren Buffett were all among the drawn-out list of targets .
Prominent verified crypto accounts were also hacked , include CoinDesk , which said it hadmulti - broker authenticationenabled . Presumably , consecrate the high-pitched - visibility nature of the account , many others did as well . As it became clear that Twitter was under flak , the company took the extreme measure of blocking not just the affect explanation from tweeting butall verify accounting . Still , the hackers were able to make away with roughly $ 121,000 , accord to estimations bycryptocurrencyandblockchainanalytics firms .
Image: Twitter
Twitter has offered limited details as to how exactly this find but say it ’s look into — as is theFederal Bureau of Investigation , which say in a statement that the incident appears to have been a crypto scam “ at this sentence . ” In athreadon the Twitter Support page , the company said Wednesday it believed the incident “ to be a coordinated societal engineering attack by masses who successfully direct some of our employees with admittance to internal system and tools . ”
Citing two informant who allegedly participate in taking over accounts , Motherboardreported Wednesday that a Twitter employee helped the hackers make headway access code to an internal tool . Motherboard say that some of the report may have been compromised after the email associated with the report was change using the puppet . The outlet further report that Twitter is suspend substance abuser who share an persona of the peter , quote a violation of its policy .
TechCrunchlikewise summons a source intimate with the incident as state that the hackers had access to an internal Twitter tool . TechCrunch reported that a cyber-terrorist who goes by “ Kirk , ” most likely a pseudonym , used the tool to reset the e-mail associate with the compromised accounts . According to TechCrunch , Kirk may have pop merely by deal admittance to Twitter handles before hack the affected accounts themself . TechCrunch ’s source theorized that the company account of a Twitter employee may have been hijacked , which could have allowed Kirk access to the tool . But TechCrunch say its rootage also noted the employee likely was n’t directly involved with the hacks .
A Twitter spokesperson decline to comment on the paper , other than to say that its “ investigation remains ongoing . ”
At noon on Thursday , the Senate Committee on Commerce , Science , and Transportation — which has jurisdiction over affair related to the net and consumer trade protection — ask Twitter to brief its staff about the incident “ no afterward than July 23 , 2020 . ” Chairman Roger Wicker , Republican of Mississippi , wrote in a letter to CEO Jack Dorsey : “ I infer that Twitter is look into the matter and has taken steps to remove the offending tweets . But it can not be overstated how distressing this incident is , both in its effects and in the apparent failure of Twitter ’s internal controls to prevent it . ”
“ Millions of Americans who surveil celebrated figures on Twitter believe that the posts they see from those figures are legitimate . In this case , that trustfulness appears to have been violate for the personal pecuniary profit of the hacker , ” Wicker said . “ It is not difficult to think succeeding attacks being used to spread disinformation or otherwise sow discordance through eminent - visibility bill , specially through those of world loss leader . ”
This week ’s attack further raise question about what information could have been steal in the fire , particularly conceive the in high spirits - level political business relationship that were hacked . Twitter currently lacks security measures feature like end - to - encryption , a point raised by Senator Ron Wyden in a statement on Thursday . Wyden said that after meeting with Jack Dorsey in 2018 , before the Twitter CEO take the stand before the Senate Intelligence Committee aboutabuse of the platform , Dorsey suppose that an end - to - end encryption feature of speech was in the works for Twitter ’s direct messages .
“ It has been nearly two years since our meeting , and Twitter DMs are still not cypher , leaving them vulnerable to employee who abuse their intragroup access to the company ’s systems , and hacker who gain wildcat access , ” Wyden said . “ While it still is n’t clear if the hacker behind yesterday ’s incident gained access code to Twitter unmediated messages , this is a exposure that has last for far too long , and one that is not present in other , vie platforms . If hackers gained memory access to users ’ decimeter , this falling out could have a breathtaking impingement , for years to get . ”
Senator Josh Hawley , similarly raise concern about sensitive information that could have been stolen from the accounts , writing in a letterto Dorsey that “ millions of your users rely on your servicing not just to tweet in public but also to communicate in camera through your direct message service . A successful attack on your system of rules ’s waiter stand for a terror to all of your users ’ privacy and data point security . ”
“ Out of an teemingness of caution , and as part of our incident response yesterday to protect people ’s certificate , we take the stride to lock any accounts that had attempted to switch the account ’s password during the retiring 30 days , ” the company said . “ As part of the extra security measures we ’ve taken , you may not have been able to readjust your password . Other than the accounts that are still locked , people should be able to reset their password now . ”
For those user accounts that have been interlock , the party said , “ this does not needs mean we have grounds that the story was compromise or accessed . So far , we believe only a little subset of these locked accounts were compromise , but are still investigate and will inform those who were affected . ”
extra coverage by Dell Cameron .
Update 7/17/20 9 a.m. ET : This story has been updated to shine the most late appraisal bycryptocurrencyandblockchainanalysts about the amount steal in the system .
EncryptionHackingHacksPrivacySecurityX ( Twitter )
Daily Newsletter
Get the best tech , science , and finish news program in your inbox daily .
News from the future , delivered to your present .
Please select your desired newssheet and resign your e-mail to kick upstairs your inbox .
You May Also Like
