WGNO

Twitter says attackers ‘successfully targeted some of our employees’ to gain internal tools

An internal investigation into the hacked Twitter accounts of high-profile celebrities, billionaires and politicians Wednesday revealed that the social media company’s own tools were used to carry it out.

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter Support tweeted Wednesday evening. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

Earlier in the day, tweets encouraging donations with a link to the same bitcoin address were sent from the official Twitter accounts of former President Barack Obama, Democratic presidential front-runner Joe Biden, Mike Bloomberg and a number of tech billionaires including Amazon CEO Jeff Bezos, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked. The fake tweets offered to send $2,000 for every $1,000 sent to an anonymous Bitcoin address.

There is no evidence that the owners of these accounts were targeted themselves. Instead, the hacks appeared designed to lure their Twitter followers into sending money to an anonymous Bitcoin account. The Biden campaign, for instance, said that Twitter’s integrity team “locked down the account within a few minutes of the breach and removed the related tweet.”

Obama’s office had no immediate comment. The FBI said it was aware of Twitter’s security breach, but declined further comment.

In a tweet, Twitter noted that it was aware of a “security incident impacting accounts on Twitter.” The San Francisco company said it is investigating and promised an update shortly. It did not reply immediately to requests for comment.

The apparently fake tweets were all quickly deleted, although The Associated Press was able to capture screenshots of several before they disappeared. The security problem was severe enough for Twitter to warn that many of its more than 166 million daily users might be unable to tweet or reset their passwords while the company tried to lock things down.

Among the political figures targeted, the hack mostly appeared to target Democrats or other figures on the left, drawing comparisons to the 2016 campaign. U.S. intelligence agencies established that Russia engaged in coordinated attempts to interfere in those U.S. elections through social media tampering and various hacks, including targeting the various campaigns and major party organizations.

The hack might also be a simple demonstration of Twitter’s weak security controls as the U.S. heads into the 2020 presidential election, a contest in which the service is likely to play an influential role.

The Bitcoin account mentioned in the fake tweets appears to have been created on Wednesday. By the end of the day, it had received almost 12.9 bitcoins, an amount currently valued at slightly more than $114,000. At some point during the day, roughly half that sum in bitcoin was withdrawn from the account.

Bezos, Gates and Musk are among the 10 richest people in the world, with tens of millions of followers on Twitter. The three men are worth a combined $362 billion, according to the latest calculations by Forbes magazine.

The same bogus offer cropped up a second time on Musk’s account, which has a history of sometimes befuddling tweets from the eccentric billionaire. Tesla didn’t immediately respond to a request for comment.

Gates, who has become one of the world’s leading philanthropists since stepping down as Microsoft CEO, confirmed the tweet wasn’t from him. “This appears to be part of a larger issue that Twitter is facing,” a spokesperson for the billionaire said in a statement.

This is hardly the first time hackers have created mischief on Twitter. Just last year, the account of Twitter CEO Jack Dorsey was broken into and used to tweet racist and vulgar comments.

The latest security breach prompted Sen. Josh Hawley, a Missouri Republican, to send a letter to Dorsey urging him to work with the FBI and the Justice Department on ways to improve Twitter’s security.

“A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security,” Hawley wrote.

Investors also appeared to be concerned about potential fallout from the hack affecting Twitter’s usage. Twitter’s shares fell 3% in extended trading after news of the hack broke.

This is a developing story.