On July 15, 2020, many high-profile, verified Twitter accounts sent out tweets that lured people into a cryptocurrency scam. These accounts included individuals such as Elon Musk, Bill Gates, Barack Obama, and even the official account for the Binance cryptocurrency exchange. The gist of these tweets was something like “I’m feeling generous. Send x amount of Bitcoin to this address and I’ll send 2x back.”
As it turned out, this was the concluding segment of a major Twitter hack that compromised 130 accounts in total. According to @TwitterSupport’s updates, 45 of those accounts sent out cryptocurrency scam tweets, 36 of the accounts had their direct message inbox accessed, and 8 of the accounts had all of their data downloaded using Twitter’s “Your Twitter Data” tool:
As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true.
We believe that for up to 36 of the 130 targeted accounts, the attackers accessed the DM inbox, including 1 elected official in the Netherlands. To date, we have no indication that any other former or current elected official had their DMs accessed.
About two weeks later, three individuals were charged by the U.S. government, and Twitter issued an update that provided more information as to how the attack was actually conducted:
The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools.
As a side note, right as the hack was being discovered on July 15, there was an image that was leaked that appeared to be a screenshot of a Twitter admin dashboard, and a button to ‘blacklist’ trends was visible in the screenshot. Twitter removed the image and suspended a few accounts who shared it, likely because the image contained personal information that was not redacted.
Twitter has time and resources to censor and shadow ban conservatives
Meanwhile the entire site is taken over. Probably every DM is in a third party database now.
And this is only months after Saudi spies hired twitter employees to arrest dissidents.
– Cernovich (@Cernovich) 15 Jul 2020