Twitter is dealing with the fallout today after what it is calling “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” Tesla CEO Elon Musk’s account was reportedly the first to be taken over, but several other high-profile accounts were also impacted, including those of Barack Obama, Joe Biden, Jeff Bezos, Bill Gates, and others. Tweets on the accounts read:
“I am giving back to the community. All Bitcoin sent to the address below will be sent back doubled! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes.”
Now there are a lot of questions about how this happened and whether Twitter is properly prepared to handle issues like this. NPR writes:
Technology industry insiders say it appears as if accounts are being hijacked at set intervals over the span of several hours, indicating that the attack may be automated.
As Twitter took down the posts, many would reappear moments later. Identical tweets, and a similar whack-a-mole response from Twitter, then was seen on the account of Gates, Elon Musk and other celebrities, entertainers and politicians.
It's hard to see how Twitter can recover from a hacking attack on this scale. Astonishing.
— Martyn McLaughlin (@MartynMcL) July 15, 2020
Vice is reporting that the hackers may have had help from the inside:
“We used a rep that literally done all the work for us,” one of the sources told Motherboard. The second source added they paid the Twitter insider. Motherboard granted the sources anonymity to speak candidly about a security incident. A Twitter spokesperson told Motherboard that the company is still investigating whether the employee hijacked the accounts themselves or gave hackers access to the tool.
Twitter released a statement saying:
“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”
“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.”
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020
And now Twitter will be dealing with a separate issue – is it liable for the scam? CNET says, “As of Wednesday afternoon, a spot check of the BTC address from the tweets shows a total received of 12.30776555 BTC, or roughly $113,572.” There are some Twitter users who are now asking whether they will be reimbursed. Class action attorney Adam Moskowitz, who has handled lawsuits involving other tech companies, says people may have a hard time getting their money back:
There is certainly no guarantee based upon the type, location, or size of the companies that sell or trade in bitcoin, that’s why these class actions have been so difficult to bring. Hopefully, the state and federal officials will get involved to help all of the consumers.
Moskowitz says it will also be hard to get Twitter to return money to users who were duped: “Typically when there is allegedly intentional misconduct by the hacker, it is more difficult to hold the company responsible unless they had a lack of necessary and adequate precautions.”