The Twitter accounts of major public figures including US Democratic presidential candidate Joe Biden, Barack Obama, Elon Musk, Bill Gates, Jeff Bezos, Apple and Uber were simultaneously hacked by attackers to spread a cryptocurrency scam, the media reported.
Hijacked accounts posted scam tweets soliciting bitcoin transfers from followers. According to reports, the hackers have “so far succeeded in getting over $50,000 in Bitcoin transfers”.
Some of the accounts were quickly back under their owners’ control and the tweets sent out when those accounts were compromised were quickly deleted.
Twitter immediately locked down the affected accounts and removed Tweets posted by the attackers.
“We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly,” Twitter Support said in a tweet, adding that users may be unable to tweet or reset passwords while they review and address the incident.
In an attempt to mitigate the damage from a massive hack, Twitter has cut off the ability to tweet for verified users.
“You may be unable to Tweet or reset your password while we review and address this incident,” said the company.
“We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this”.
The scammer’s website was quickly pulled offline. Kristaps Ronka, chief executive of Namesilo, the domain registrar used by the scammers, told TechCrunch that the company suspended the domain “on the first report” it received.
The security researchers found that the attackers had fully taken over the victims’ accounts, and also changed the email address associated with the account to make it harder for the real user to regain access.
These kinds of scams are common where scammers take over high-profile Twitter accounts using breached or leaked passwords and post messages that encourage users to post their cryptocurrency funds to a particular address under the guise that they’ll double their “investment”.
Twitter later said that they detected what “we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools”.
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it”.