High profile Twitter accounts including Elon Musk, Apple and Bill Gates hacked in crypto scam
Hackers have compromised the Twitter accounts of high profile and high worth users and companies including Elon Musk, Jeff Bezos, Apple, Barack Obama and Bill Gates in an elaborate cryptocurrency scam.
The hacked accounts tweeted an offer to double any payments sent to a cryptocurrency address.
One of the hacked tweets from Tesla and SpaceX boss Elon Musk said: “Feeling greatful, doubling all payments sent to my BTC address! You send $1,000, I send back $2000. Only doing this for the next 30 minutes”.
Other tweets were then sent by the hackers through other verified accounts including Bill Gates, Warren Buffett, Floyd Mayweather, Barack Obama, Kanye West and Joe Biden with similar offers.
It all began at 4.17pm New York time with Elon Musk’s unusual tweet, which was then deleted and replaced with another tweet carrying clearer and more detailed instructions.
The tweets went on for more than two hours with Twitter’s first response of a “security incident” coming at 5.45pm.
The company’s first reaction was to disable verified accounts (including @StephenFenech and @TechGuideAU) from tweeting at all. At the time of writing, verified accounts are able to tweet again.
Twitter also made it impossible for users to reset their passwords at that time.
The fact that the verified accounts of the world’s most high-profile users were compromised, with most presumably having sophisticated passwords and TFA (two-factor authentication), is a monumental security lapse by Twitter.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
To achieve this sophisticated hack, the cyber criminals must have found a weakness in Twitter’s security or a vulnerability in the process to create an account or recover an account.
The hack’s aim was for people to assume these messages, which were coming from the verified accounts of the platform’s most famous users and reputable companies, to be real and to act quickly to take advantage of the offer.
Before people worked out the tweets were part of a huge scam, hundreds of thousands of dollars had been sent to a blockchain wallet.
If hackers can access the verified accounts on Twitter, we should take stock of our own online security.
NortonLifeLock Territory Manager Mark Gorrie has some tips people can follow as a precaution after the Twitter security breach:
– Change your password immediately. Even if you do not think the scammers have access to it, it is better to be safe than sorry. We suggest using a password manager to reduce the same password being used across multiple accounts.
– If you were tricked into installing a rogue app, remove it.
– Run a virus scan immediately – this will notify you about malicious websites/activity.
– Report the scam to Facebook or Twitter, depending on where the content is hosted.