Posted on 07-20-2020.
On Friday Twitter’s team published a follow-up on their investigation into the recent “Bitcoin scam” hack. The attack happened on Wednesday, when a team of anonymous hackers gained access to many high-profile accounts, including those of Binance CEO Changpeng Zhao, Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, Barack Obama, Uber, Apple, and many others. Reportedly this was made possible by a Twitter employee being socially engineered into disclosing sensitive data.

Right after the hack took place, many hacked accounts were used to promote a Bitcoin scam, which fraudulently promised to send back double the amount to everyone who sent any sum in Bitcoin to a specified wallet. It was suggested that the Bitcoin scam was only a ruse, masking the real purpose behind the attack. This information was later confirmed by both Twitter and anonymous hacker sources.

The scope

According to the latest report, as many as 130 accounts were breached in the course of the attack. Of these, 45 were reset and used to post the Bitcoin scam messages.

“The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send Tweets,” Twitter’s statement concluded.

At least eight accounts had all of their data scraped with the help of the Your Twitter Data tool. This tool allows downloading all private messages, address book data, physical location history, attached multimedia files, etc. The Verge reported that even previously deleted data could be retrieved in this manner. Twitter did not disclose which accounts’ data was drained in this way or what they had in common.
A victory for hackers

As reported by an anonymous source in the hacker community, the hacker team behind the attack was indeed after valuable private data. The Bitcoin scam was only a distraction.

Source: Hacker that wished to remain anonymous

The source also said that the attack turned out to be bigger than initially anticipated. Twitter’s investigation, meanwhile, is still ongoing:

“We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. In addition, we believe they may have attempted to sell some of the usernames,” Twitter said in a statement.

The recent investigation by NYTimes suggested that the hack had no political or ideological motive. The publication reportedly talked to the anonymous hackers behind the heist and learned that they got access to the Twitter credentials when one of them found a way into Twitter’s internal Slack channel, where said credentials were stored in a pinned message.

“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry”

Twitter was widely slammed for its failure to prevent the attack and to act decisively and efficiently as it was unfolding. In their latest statement, Twitter provided an unconditional apology and informed the public that steps are being taken to prevent such disastrous events in the future. They also noted they are “deliberately limiting the detail they share on their remediation steps at this time to protect their effectiveness and will provide more technical details, where possible, in the future.”

Right now Twitter is working to restore access to the affected accounts for their rightful owners. Still, it seems that the real consequences of the hack are yet to be fully comprehended.