Twitter claims that 130 accounts were targeted in a serious celebrity account cyber attack two days ago.
However, Twitter claims that only a “small subset” of those 130 accounts had control seized by the attacker.
The security breach has seen accounts including those of Barack Obama, Elon Musk, Kanye West and Bill Gates tweeting a Bitcoin scam with millions of followers.
Twitter said it was still trying to figure out if private data – which could include direct messages – was stolen.
“We work with interested account owners and will continue to do so in the coming days,” said the company, through its official support account.
“We are continuing to evaluate whether the non-public data for these accounts has been compromised,” he added.
The FBI is now investigating.
On July 15, several Bitcoin-related accounts began tweeting what appeared to be a simple Bitcoin scam, promising to “return” to the community by doubling any Bitcoin sent to their address.
Hence, the apparent scam has spread to major celebrity accounts such as Kim Kardashian West and former Vice President Joe Biden, and those of Apple and Uber companies.
Twitter has mingled to contain the unprecedented attack, temporarily preventing all verified users – those with a blue check mark on their accounts – from tweeting.
The attackers were able to circumvent the security of the account because they had somehow gained access to Twitter’s internal administration tools.
- Twitter hack: what went wrong and why it matters
- What is Bitcoin?
However, U.S. President Donald Trump, one of the most important Twitter users, has not been affected.
It has long been speculated that President Trump put extra protections in place after his account was disabled by an employee on the last day of work in 2017.
The New York Times confirmed that this is how Trump’s account escaped the attack, citing an anonymous White House officer and a separate Twitter employee.
Despite the fact that the scam was obvious to some, the attackers received hundreds of transfers, valued at over $ 100,000 (£ 80,000).
What do we know about attackers?
Bitcoin is extremely difficult to track down and the three separate cryptocurrency wallets that the cyber criminals used have already been emptied.
Digital money is likely to be split into smaller amounts and managed through so-called “mixer” or “tumbler” services to make it even more difficult to track down attackers.
Clues to those responsible are emerging through bragging about social media, including on Twitter itself.
Earlier this week, researchers from the cybercrime intelligence firm Hudson Rock spotted an announcement on a hacker forum claiming to be able to steal any Twitter account by changing the email address it is linked to.
The seller also released a screenshot of the panel usually reserved for high-level Twitter employees. It seemed to allow full control of adding an email to an account or “posting” existing ones.
This means that the attackers had access to the Twitter backend at least 36-48 hours before the Bitcoin scams started appearing Wednesday night.
The researchers also linked at least one Twitter account to the hack, which has now been suspended.
The concern is that this hack may not be terminated if the attackers copy – and still own direct private messages from the accounts over which they have taken control.
“The bitcoin scam is a misleading way to frame this incident,” said Roi Carthy, CEO of Hudson Rock.
“If anything, the” scam “part supports the conclusion that the group behind the attack was, fortunately for Twitter, unsophisticated. The incident can be characterized as a campaign to acquire the account for sale on Darkweb or a violation of the data to obtain a suspension of direct messages for malicious purposes. “
Do Hackers Have DM?
Twitter says it is still investigating “what other malicious activities may have led or information they may have accessed.”
Private messages from Kayne West, Kim Kardashian West and Elon Musk may be worth investing in obscure web forums. The sale of the private messages of the promising President of the President Joe Biden or the former New York Mayor Michael Bloomberg could also have political consequences.
However, the BBC spoke to a hacker specializing in social media account acquisitions and was part of a group of hackers with an account suspected of involvement.
“Honestly, I think hacking is over because I think this may have been a quick way to grab and manage money,” he said.
“If they have DMs, they will be extremely careful who they sell them, if they do, because they increase their chances of getting caught quite a bit.”