Twitter has revealed that its own internal employee tools were accessed to orchestrate the massive attack that took place on July 15.
The attack, which lasted for a couple of hours, compromised the accounts of a wide range of high-profile individuals and companies, including President Barack Obama, Democratic candidate Joe Biden, Tesla boss Elon Musk, Bill Gates, Kanye West, Apple and Uber.
The accounts then sent out tweets asking their combined hundreds of millions of followers to pay into a bitcoin wallet, claiming they would return double the amount. Some of these tweets were pinned to the top of the compromised profiles, suggesting the hackers had full access to the accounts.
Blockchain information for that wallet address appeared to show over $110,000 worth of bitcoin was paid in. Much of that money soon disappeared from the account.
As well as high-profile accounts – Obama's is the most-followed of all, with 120 million followers – the same tweet, asking for bitcoin deposits into a specific wallet, was shared by many accounts seemingly belonging to regular people with few followers.
Screenshots of tweets promoting the bitcoin scam (wallet address redacted). Credit: GearBrain
Around two hours later, Twitter finally began to retake control. It prevented tweets from being shared that contained the bitcoin wallet address, and stopped all verified accounts (with the blue check mark) from tweeting. This prevented journalists and news organizations from tweeting about the attack, but also prevented the hackers from publishing tweets by the compromised high-profile accounts.
Almost five hours later, Twitter said: "Our investigation is still ongoing but here's what we know so far: We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
"We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it."
Twitter went on to say it has locked down the compromised accounts, and will only give access back to their owners when it is "certain we can do so securely."
Twitter added: "Internally, we've taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues."
Vice's Motherboard reports that screenshots of Twitter's internal systems have been shared around the computer hacking community, and that sources claim a Twitter insider was paid. Accounts sharing images of the tools are being suspended, in what Twitter claims is a breach of its rules.
Although this hack was seemingly only used to earn money through bitcoin deposits, Twitter will likely face serious questions from its users, as well as lawmakers and governments, about what went wrong, and how serious the attack could have been. With so many high-profile businesses, company executives, celebrities and leaders of state on Twitter, the hack could have led to far more serious consequences than lost bitcoins.