In a major show of force, hackers breached some of the site’s most prominent accounts, a Who’s Who of Americans in politics, entertainment and tech.

It was about 4 in the afternoon on Wednesday on the East Coast when chaos struck online. Dozens of the biggest names in America — including Joseph R. Biden Jr., Barack Obama, Kanye West, Bill Gates and Elon Musk — posted similar messages on Twitter: Send Bitcoin and the famous people would send back double your money.
It was all a scam, of course, the result of one of the most brazen online attacks in memory.
A first wave of attacks hit the Twitter accounts of prominent cryptocurrency leaders and companies. But soon after, the list of victims broadened to include a Who’s Who of Americans in politics, entertainment and tech, in a major show of force by the hackers.
Twitter quickly removed many of the messages, but in some cases similar tweets were sent again from the same accounts, suggesting that Twitter was powerless to regain control.
The company eventually disabled broad swaths of its service, including the ability of verified users to tweet, for a couple of hours as it scrambled to prevent the scam from spreading further. The company sent a tweet saying that it was investigating the problem and looking for a fix. “You may be unable to Tweet or reset your password while we review and address this incident,” the company said in a second tweet. Service was restored around 8:30 Wednesday night.
Twitter’s investigation into the breach revealed that several employees who had access to internal systems had their accounts compromised in a “coordinated social engineering attack,” a spokesman said, referring to attacks that trick people into giving up their credentials. The attackers then used Twitter’s internal systems to tweet from high-profile accounts like Mr. Biden’s.
“We’re looking into what other malicious activity they may have conducted or information they may have accessed,” Twitter’s spokesman added. “We’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing.”
Jack Dorsey, Twitter’s chief executive, said in a post Wednesday night that it was a “tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”

A screenshot of the tweet on Joe Biden’s Twitter account.
The hackers did not use their access to take aim at any important institutions or infrastructure — instead just asking for Bitcoin. But the attack was concerning to security experts because it suggested that the hackers could have easily caused much more havoc.
There was little immediate evidence for who conducted the attack. One of the most obvious culprits for an attack of this scale, North Korea, has been documented to have used Bitcoin extensively in the past. But its nature — “effective, but also amateurish” in the words of one senior American intelligence official — led American intelligence agencies to an initial assessment that this was most likely the work of an individual hacker, not a state.
Had it been Russia, China, North Korea or Iran, said the official, who would not speak on the record because they were not authorized to discuss an intelligence investigation, the effort would have probably focused on trying to trigger stock market havoc, or perhaps the issuance of political pronouncements in the name of Mr. Biden or other targets.
Officials also noted that the breach did not affect the account of one of the most watched and powerful users of Twitter: President Trump. Mr. Trump’s account is under a special kind of lock-and-key after past incidents, the official noted.
Security experts said that the wide-ranging attacks hinted that the problem was caused by a security flaw in Twitter’s service, not by lax security measures used by the people who were targeted. Alex Stamos, director of the Stanford Internet Observatory and the former chief security officer at Facebook, said there were a range of other theories, but all suggested that the attackers got inside Twitter’s system, rather than stealing the passwords of individual users.
One American official called that a “scary possibility” in a world where national leaders, sometimes imitating Mr. Trump’s techniques, have adopted Twitter as a primary source of unfiltered communications.
Bitcoin is a popular vehicle for this type of scam because once a victim sends money, the design of Bitcoin, with no institution in charge, makes it essentially impossible to recover the funds.
By Wednesday evening, the Bitcoin wallets promoted in the tweets had received over 300 transactions and Bitcoin worth over $100,000, according to websites that track Bitcoin’s public ledger of transactions, which is known as the blockchain.
$118,000 in Three Hours
A scam on Twitter was propelled into the mainstream after hackers took control of several high-profile accounts and directed their followers to send them Bitcoin with a promise that they would double the amount.
Twitter initially handled the attacks by taking down the offending tweets. A spokesman for the Biden campaign said that Twitter had removed the tweet promoting the scam and locked down Mr. Biden’s account.
Twitter says hackers compromised high-profile accounts thanks to access to internal tools.

Twitter said that its internal systems were compromised by the hackers, confirming theories that the attack could not have been conducted without access to the company’s own tools and employee privileges.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the first tweet in a multi-tweet explainer thread reads. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”
It seems as if Twitter is acknowledging here that numerous people appear to have been involved in the hacks, not just one individual, and also that numerous employees were compromised, too.
The company released a new update Thursday night, writing that it believes about 130 accounts were targeted in the attack.
"For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts," the company said.
Twitter added that it's continuing to investigate whether non-public data related to the accounts was compromised.
A spokesperson for Bill Gates confirmed a tweet sent from his account was not sent by Gates himself. "This appears to be part of a larger issue that Twitter is facing," the spokesperson said.
Joe Biden's campaign issued a similar statement, saying, "Twitter locked down the account immediately following the breach and removed the related tweet."
Companies, including Apple and Uber, were apparently hacked as well. Following the incident, all of Apple's tweets appeared to have been deleted.
There have been at least 363 transactions since the tweets were posted, according to tracking website blockchain.com. So far, the account has received more than $118,000.
The hack also prompted Senator Josh Hawley of Missouri to write a letter to Dorsey on Wednesday, saying that some of the impacted accounts were "alleged to have been protected by Twitter's two factor authentication."
"I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself. As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service," Hawley wrote. "A successful attack on your system's servers represents a threat to all of your users' privacy and data security."
It became clear early on that this situation was not the case of a single account being compromised as we’ve seen in the past, but something else altogether. Even Apple, a company known for robust security, somehow fell victim to the scheme.

Many high-profile accounts were hijacked in rapid succession Wednesday afternoon, including @elonmusk, the eccentric Twitter-obsessed tech figure with a notoriously engaged fanbase. A scam tweet posted to the Tesla and SpaceX founder’s account simply directed users to send bitcoin to a certain address under the guise that he will “double any payment” — a known cryptocurrency scam technique. Musk’s account appeared to remain compromised for some time after the initial message, with follow-up posts claiming followers were sending money to the suspicious address.

Some Democratic political figures were also hacked as part of the cryptocurrency scam, including Barack Obama, Joe Biden and Mike Bloomberg. An official from the Biden campaign told TechCrunch that Twitter locked down the former vice president’s account “immediately” after it was compromised and the campaign remains in close contact with Twitter on the issue. At the time of writing, no accounts belonging to Republican politicians appear to have been hacked.

And in 2010, Twitter settled a complaint brought by the Federal Trade Commission, in which the regulator claimed that the company did not do enough to protect users’ personal information. The F.T.C. charged that “serious lapses” in Twitter’s security allowed hackers to take control of company systems and send out phony tweets from high-profile accounts, including Mr. Obama’s. As part of the settlement, Twitter agreed to undergo security audits for 10 years.
On Wednesday evening, Senator Josh Hawley, a Republican from Missouri, wrote a letter to Mr. Dorsey asking for information on the attack, including how many users were compromised.
Shares in the social media company fell 3 percent in after-hours trading.
Cybersecurity experts said the attack showed how vulnerable social media remains to attacks.
“This demonstrates a real risk for the elections,” Mr. Stamos said. “Twitter has become the most important platform when it comes to discussion among political elites, and it has real vulnerabilities.”
Well, even though social media have their problems, it doesn’t mean that it’s totally their fault. I am not writing against Twitter, just a broad view of everything that happened.
I hope I didn’t offend Twitter. In order for people to develop trust, we need to provide security for their accounts and also make the security system even better so that this doesn’t happen next time.