[German]Hackers managed to trick Twitter employees on Wednesday and take over tens of thousands of high-profile Twitter accounts (Joe Biden, Elon Musk, Bill Gates, Barack Obama, Uber and Apple) via their dashboard or an internal tool. This was then used for scams involving crypto-currencies.
I became aware of the problem via Twitter – both Twitter and other security researchers reported the hack.
Our investigation is still ongoing but here’s what we know so far:
— Twitter Support (@TwitterSupport) July 16, 2020
You realize how crazy it is? They’ve hacked like 10+ of the biggest crypto twitters.
There is actual potential here that @realDonaldTrump will get hacked.
Fix your shit @Twitter
— Under the Breach (@UnderTheBreach) July 15, 2020
Prominent Twitter accounts ask for 1,000 US $
On Wednesday, high-profile accounts, including those of Joe Biden, Elon Musk, Bill Gates, Barack Obama, Uber and Apple, suddenly tweeted about crypto-currencies. A wave of tweets was to be used for crypto-currency scams.
The message : ‘send me 1.000 US $ and you will get 2.000 $ back’ was shown. Obviously a hack to take over the account has taken place.
It was probably an Insider job
Looks like it was an inside job. Vice reports here that a Twitter insider, according to leaked screenshots viewed by Motherboard and two sources, was responsible for the account takeover. “We used a representative who literally did all the work for us,” one of the sources told Motherboard. The second source added that they paid the Twitter insider.
Motherboard granted anonymity to the sources to talk openly about a security incident. A Twitter spokesperson told Motherboard that the company is still investigating whether the employee hijacked the accounts himself or gave hackers access to the tool.
According to sources, the accounts were hijacked using an internal tool on Twitter. Screenshots of the tool that Motherboard has seen confirm this. One of the screenshots shows the panel and the account from Binance. Binance is one of the accounts that was taken over by hackers today. According to the screenshots, at least some of the accounts seem to have been compromised by changing the email addresses associated with them using the tool.
Twitter still investigating – tweeting possible again
Currently, Twitter is still investigating the incident and had set a block on posting tweets. However, most Twitter accounts are now allowed to post again. One more thing: Twitter has deleted some screenshots of the dashboard and suspended users who tweeted them, claiming that the tweets violate the rules.