Twitter Hack: ‘Social Engineering Attack’ on Employee Admin Panels

Published at: July 16, 2020

Crypto scammers responsible for what could be the largest ever hack on Twitter were able to succeed because individual employees have high levels of access to information and control on the platform.

In a series of tweets from Twitter Support on July 15, the help center of the social media platform confirmed that hackers responsible for the massive breach of high-profile figures’ accounts had conducted a “coordinated social engineering attack” to gain “access to internal systems and tools.”

“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf,” Twitter Support said. “We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

The account reported the platform had taken “significant steps to limit access to internal systems and tools” as the breach is investigated.

Access to promote fake Bitcoin giveaways

The hackers were able to post tweets using the accounts of major figures including Barack Obama and Joe Biden to promote a fake Bitcoin (BTC) giveaway, which has so far swindled over 300 users out of $118,000.

The individual employee admin panels targeted in the hack have significant access to a variety of tools to control the affected accounts, including posting messages on their behalf and changing the verification phone number and email address.

Twitter user sniko_ posted screenshots which indicate the fraudsters may have changed the verification email address for the Coinbase and Gemini accounts, as the addresses were the same following the attack.

Coinbase and Gemini password reset screenshots

Vice’s Motherboard reported that Twitter was taking down user-posted screenshots of admin panels on the grounds that they violated the rules. Images showing access to several Twitter accounts revealed internal admin details including the number of strikes logged against each account, when the account was last accessed, which phone numbers were tied to it, and which email addresses were used for verification.

Screenshot of Twitter internal employee panel access to Binance account. Source: Motherboard

Reactions from Crypto Twitter

“Sounds bad that a Twitter developer can just login to my account and tweet anything, read my private stuff and all,” said Twitter user 1uc45MH. “If one of them freaks out they can tweet anything on anyone’s account.”

The stock market reacted similarly, even though trading was already after-hours shortly after the hack was discovered. Twitter’s stock (TWTR) fell from $35.60 to $34.70, a drop of 2.5% in just 15 minutes. At the time of writing, the platform’s stock is priced at $34.52.
