It all started on Wednesday, 15th of July, when several high profile accounts began to tweet about a giveaway by Bitcoin. The odd tweet said that anyone who sends funds to the specific wallet number (which was the same in every tweet) would give the sender a double amount of funds. However, the same wallet number of Bitcoin in every tweet and promotion of it by high profiles become suspicious to everyone. As soon as Twitter noticed the issue, an investigation was started, and the truth that came out surprised and scared everyone.
It was confirmed by Twitter that these accounts were taken over by the attackers who were able to access the entire account, including sensitive information like personal direct messages, email addresses, and phone numbers associated with the accounts. Twitter also tells the users that the attackers might also have been able to see the location history of the user. As soon as Twitter noticed the incident, all the targeted accounts were seized down temporarily.
The high profile verified accounts that hackers were lucky enough to attack included the accounts of Apple, Barack Obama, Bill Gates, Kanye West, Kim Kardashian, Jeff Bezos, Joe Biden, Uber, HQ Trivia and many more.
Unfortunately, many users started to follow what their favorite celebrities have tweeted about and transferred money to the account mentioned. Little do the users know that this is just a Bitcoin scam. The Verge noticed the transactions being made to that specific account as exchanges are visible to the public. Prior to the recognition and confirmation of hack, $300+K was transferred to that wallet number. And the more disturbing thing is, the transactions made were irreversible.
If we talk about the access to private DMs, Twitter informed that these hackers used “Your Twitter Data” tool which enables the users to recover their deleted DMs even if they intentionally deleted them.
However, as per Twitter, attackers were able to successfully hack 130 Twitter accounts, made odd tweets about Bitcoin from 45 of them, and only able to download the data for eight accounts. None of these accounts were verified. But, no one can tell how much personal information the hackers have extracted from these accounts or how many Direct Messages they have read, including those of verified users.
If we talk about the access to private DMs, Twitter informed that these hackers used “Your Twitter Data” tool which enables the users to recover their deleted DMs even if they intentionally deleted them.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true.— Twitter Support (@TwitterSupport) July 18, 2020
However, as per Twitter, attackers were able to successfully hack 130 Twitter accounts, made odd tweets about Bitcoin from 45 of them, and only able to download the data for eight accounts. None of these accounts were verified. But, no one can tell how much personal information the hackers have extracted from these accounts or how many Direct Messages they have read, including those of verified users.
As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.— Twitter Support (@TwitterSupport) July 18, 2020
Twitter once said that the accounts were taken over by using one of Twitter’s internal employee tools. And people are now expecting Twitter to come up with something like “hackers manipulated some of their internal employees and got the access to internal systems, which is why they were able to pass the two-factor authentication as well.”
This incident has left everyone scared because stealing personal information is something that shall not be overlooked in any way. Twitter has to take serious actions regarding the issue and assure its users that incidents like this shall never happen again.
