The accounts of several celebrities were hacked earlier this week after hackers targeted Twitter employees in a Bitcoin phishing scam to gain access to their accounts. “The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including through a two-factor protection mechanism.” The incident was described as the largest security breach in the company’s history.
Twitter published a full blog post that listed the compromised accounts, including those of Democratic presidential candidate Joe Biden, former President Barack Obama, Tesla CEO Elon Musk, Microsoft co-founder Bill Gates, Kanye West, Michael Bloomberg, and others.
Screenshot of a tweet previously posted from the Obama account: “All bitcoins sent to my account will be doubled. I’ll pay back $2,000 for $1000.”
According to Twitter officials, the hackers could directly view and download an account’s data, such as phone numbers, email addresses, and private direct messages (DMs). Moreover, the hackers may even have been able to obtain DMs that the eight accounts had tried to delete, because Twitter stores a DM on its servers as long as either party to the conversation keeps it. These messages can contain other personal information such as addresses, images, and videos.
The good news, however, is that Twitter claims that none of the eight accounts is a verified account. This means that the individuals actually represented by the eight accounts do not disclose personal information on their accounts.
Twitter also said the hackers initially targeted 130 accounts, successfully triggering password resets for 45 of them and logging in to tweet. In the end, the hackers simply tried to download data from up to eight unverified accounts. “We don’t know exactly how many accounts hackers scanned to find personal information, or whether they might have only accessed or read these private messages.”
Currently, Twitter’s fix for the problem is to lock access to all of the verified accounts (130). Once these locked accounts are recovered, its plans are to continue the investigation with law enforcement, enhance its security mechanisms, and provide internal security training for employees.
After the incident, some media said that the Twitter attack sounded the alarm for November’s U.S. presidential election. Four years after Americans came to understand that elections can be easily rigged through the media, the country still does not have relatively well-established protections. Twitter should be well aware that it is likely to be targeted again in the future and should be prepared for all kinds of emergencies.
According to the New York Times, the attack was initially a hoax by three young hackers. The attack began when a user named “Kirk” boasted to two teenagers that he could access celebrity accounts. Two other teenagers, “lol” and “ever so sear,” pleaded guilty to participating in the hacking. Kirk’s identity is still unknown.
Joseph O’Connor, a 21-year-old British hacker, is understood to have been accused of being Kirk, but there is no hard evidence.