Twitter celebrities with millions of followers hacked in Bitcoin scam
Image credit: reuters
US Presidential candidate Joe Biden and Tesla founder Elon Musk are just two of a raft of celebrities who have had their Twitter accounts hacked as part of cryptocurrency scam.
A message posted their accounts encouraged their millions of followers to send $1,000 (£794) to a Bitcoin address.
Other accounts targeted included Barack Obama, Kanye West and Bill Gates which all posted messages that their Bitcoin funds would be doubled and returned to them.
Twitter said employees with access to its internal systems had been successfully targeted by hackers who “used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”
“We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” the company said.
Founder Jack Dorsey said: “Tough day for us at Twitter. We all feel terrible this happened.”
The hack message read: “I am giving back to my community due to Covid-19! All Bitcoin sent to my address below will be sent back doubled.
“If you send $1,000, I will send back $2,000!
“Only doing this for the next 30 minutes! Enjoy.”
According to publicly available blockchain records on Thursday morning, the Bitcoin address received over $110,000 (£88,000) from hundreds of transactions.
A number of company accounts, including that of Apple and Uber, were also hacked with the message posted.
Most of the tweets were deleted within a number of minutes, but many had been retweeted thousands of times.
Some of the platform’s biggest users struggled to regain control of their accounts following the hack. While one of Musk’s tweets soliciting cryptocurrency was removed, another one appeared sometimes later followed by a third.
Twitter said: “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
Users reported that those with verified accounts, marked by a blue tick, could not send tweets for a brief period – with those who tried shown an error message reading: “Something went wrong, but don’t fret – let’s give it another shot”.
George Glass, head of threat intelligence at Redscan, said: “The incident is a great reminder to always exercise caution when viewing messages on social media, no matter who posts them. If something appears too good to be true, then it usually is.
“This is a serious breach and another prime illustration of how no organisation, including a Silicon Valley giant, is immune to cyber-attacks. More can always be done to improve cyber resilience and detect and respond to threats before they are able to cause damage – both to finances and reputation."
Stuart Reed, UK director at Orange Cyberdefense, said: “The biggest and most technically adept companies in the world continue to become victims of these types attacks for one reason – a lack of awareness among employees, enabling hackers to access infrastructure by preying on human vulnerabilities.
“Since the outbreak of Covid-19 we have seen numerous examples of hackers capitalising on the crisis by using social engineering attacks to trick their way into corporate systems.
“The fact that so many employees have been working from home has increased the risk of social engineering - an increased dependence on ‘virtual’ communications like email, video conferencing and calls, renders users more vulnerable to social engineering attacks.”
Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.