The July 17 attack broke into the Twitter accounts of celebrities, world leaders and tech magnates in one of the biggest high-profile security breaches in recent years. The attackers sent out tweets from the accounts of the public figures, offering to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.
According to the official statement from Twitter, the hack that breached the accounts of some of its most high-profile users targeted 130 people. The hackers were able to reset the passwords of at least 45 of those accounts. In a blog post on Saturday, Twitter said that for up to eight of these accounts the attackers also accessed the account’s information using the “Your Twitter Data” tool. Twitter is trying to contact the owners of these eight accounts, none of which were verified.
In the same blog post, Twitter said:
We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice.
This incident highlighted a major defect with a service that millions of people have come to rely on.
On Wednesday afternoon last week, the Twitter accounts of famous figures began tweeting similar messages saying they were “feeling generous” and would double any Bitcoin payments sent to an address in the tweet. Among the individual accounts affected were former US President Barack Obama, Democratic presidential candidate Joe Biden, tech billionaires like Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk, and celebrities such as Kanye West and Kim Kardashian West.
Tech companies like Uber and Apple were also affected.
Following this fiasco, many “verified” Twitter accounts were locked down. The hack, which was called a “social engineering attack” by Twitter, targeted Twitter employees with access to the platform’s internal systems and tools.
Yesterday, Twitter said that the hackers who breached its systems last week likely read the direct messages of 36 accounts, including one belonging to an elected official in the Netherlands. Twitter’s support account and the updated blog post state that the company had no indication of a privacy breach affecting any other elected officials.
If you think about it, anybody who is able to tweet from an account would also be able to read previously sent or received messages that had not been deleted. So, most probably, the hackers were able to read the private messages of some of the most distinguished people on the planet.
The FBI is looking into the case.
Could this be prevented?
After this incident, Twitter said that it has taken “significant steps” to limit employees’ access to internal tools and systems, while the investigation is still ongoing. But this is not the first time something like this has happened because of Twitter’s employees.
Three years back, a Twitter employee who wasn’t happy with Donald Trump apparently deactivated his account for 11 minutes.
Last year, two former Twitter employees were charged with spying on user data by US prosecutors.
These incidents raise questions regarding Twitter’s security system, and whether it can trust its employees with sensitive information about its users.
What does the hack exemplify?
It might simply be a demonstration of Twitter’s weak security controls as the US presidential election, an election in which Twitter plays an influential role, is drawing closer. President Donald Trump’s account was not touched. The political figures targeted were mostly Democrats or other politicians from the left. This seems to be somewhat similar to what happened in 2016. US intelligence agencies came to the conclusion that Russia tried to jeopardize the 2016 presidential elections through social media tampering and various hacks.
According to the New York Times report, four young hackers were involved in the well-organised Twitter scam.
Social media giants like Facebook and Twitter have been trying to improve their internal security systems ever since their boom in the modern world. Yet hackers and malicious actors always try to find a way to breach the systems and get things done. And the majority of the time, they are successful. As the tech giants improve their election security systems and policies, hackers have also improved their manoeuvres.
If a Bitcoin scam was so easy to pull off, what will prevent an attack on the US election?