If last night, like many, you saw a tweet offering a generous proposal such as Barack Obama’s “I am giving back to my community. All Bitcoin sent to my address below will be sent back doubled,” and wondered what Obama was going on about, let’s be clear, it was a hack.
Elon Musk, Bill Gates, Joe Biden, Jeff Bezos, Kanye West, Apple, Uber—the list of high-profile people and companies that got their Twitter accounts hacked goes on, including leading cryptocurrency sites. The profiles were obviously targeted for their high following count in order to spread the scam as widely as possible.
Twitter announced that it had detected what it believed to be a “coordinated engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” TechCrunch was told by a source involved in the underground hacking scene that the hacker who goes by the handle ‘Kirk’ generated over $100,000 in a matter of hours. By gaining access to Twitter’s admin tool, Kirk used it to reset email addresses of the accounts affected which made it more difficult for the rightful owners to regain control.
The source, who remains anonymous, also told TechCrunch that Kirk started out by selling stolen usernames on social media, a somewhat popular, yet very illegal business. These usernames sell from anywhere between a few hundred dollars to thousands. There is a popular forum among traders of hacked social media handles, called OGUsers, which Kirk is shown to have contacted. Screenshots of a chat between a ‘trusted member’ and the hacker were shared with TechCrunch, where he said “Send me @’s and BTC,” which refers to Twitter usernames and cryptocurrency.
The screenshots show that Kirk also had access to the internal administrative tool on Twitter’s network. It is currently unknown how exactly Kirk managed to gain access to Twitter’s internal tool, but it has been hypothesised that an employee’s account was hijacked, which then allowed Kirk into the company’s internal network.
Twitter has declared that once the company became aware of the attack, it “locked down the affected accounts and removed tweets posted by the attackers.” As a precaution, it also limited access for accounts that had been verified with a blue check.
CEO Jack Dorsey tweeted that it had been a “tough day for us at Twitter.” He added, “We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”
The popular Bitcoin exchange Coinbase has blocked its users from sending money to the address advertised via the affected accounts. While Twitter continues to investigate, cybersecurity experts have begun speculating on other potential sources of the breach. Twitter has stated that it is “working to get things back to normal as quickly as possible.”
The company has said that “Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing.” It remains unknown who is behind the attack.