Twitter has revealed the true extent of this week’s large-scale cyber-attack that saw the accounts of multiple celebrities compromised.
The social media giant said a total of 130 accounts were targeted as part of a major cybersecurity incident that took place two days ago.
Following the attack, what appeared to be a Bitcoin scam was tweeted from the hijacked accounts of some of the world’s most famous public figures, including former US president Barack Obama, Kanye West, Bill Gates, and former US vice president Joe Biden.
The fraudulent tweet posted from the hijacked accounts made it appear as though the victim was planning to give back to their community by making a financial donation. The post invited the victim’s followers to give $1,000 in the next 30 minutes, tempting them with the lure that their donation would be doubled by the account’s owner.
At first the attackers tweeted about the supposed charity drive from Bitcoin-related accounts, but the scam quickly spread to the accounts of public figures, including Elon Musk and Kim Kardashian West, and to the corporate accounts of Uber and Apple.
Although spotted by many as an obvious scam, the Bitcoin charitable donation tweet fooled hundreds of Twitter users and earned the cyber-attackers over $100k.
In an effort to contain the attack, Twitter temporarily blocked all verified users from tweeting.
According to Twitter, the successfully compromised accounts represented a “small subset” of the total number of accounts the attackers had in their crosshairs.
The company has launched an investigation into the incident but has so far been unable to determine whether any private data was stolen. Such information could include the content of direct messages.
Providing an update to the situation via its official support account, Twitter stated: “We’re working with impacted account owners and will continue to do so over the next several days. We are continuing to assess whether non-public data related to these accounts was compromised.”
An investigation into the cyber-attack has been launched by the Federal Bureau of Investigation. It is believed that whoever was responsible was able to bypass account security protections by somehow gaining access to Twitter’s own internal administration tools.
Source: Infosecurity Magazine