Twitter confirms internal tools used in bitcoin-promoting attack

Twitter said it detected what it believes to be a coordinated social engineering attack by people who successfully targeted some of the company's employees that have access to internal systems and tools.
Written by Asha Barbaschow, Contributor

After a number of high profile Twitter accounts, including those belonging to Bill Gates, Elon Musk, and Apple, were breached on Wednesday, resulting in anyone with a verified account unable to tweet for hours, the social media giant has said it believes a "coordinated social engineering attack" was at play.

"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools," the company tweeted.

"We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We're looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it."

Twitter said once it became aware of the incident, it immediately locked the affected accounts and removed tweets posted by the attackers.

The company continued by confirming it did limit functionality for a "much larger group" of accounts, even those with no evidence of being compromised, as it continued its investigations.

"This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do," Twitter wrote.

Accounts that were compromised remained locked as of 7:38pm PT and the company said access would be restored to the original owner only if it is certain that this could be done securely.

Internally, Twitter said it has also taken steps to limit access to internal systems and tools while the investigation is ongoing. 

A similar crypto scheme was the basis of a targeted attack on YouTube accounts earlier this year. A hacker hijacked YouTube accounts, renamed them to various Microsoft brands, and used them to broadcast a cryptocurrency Ponzi scam to thousands of users, posing as a message from Bill Gates.

Elon Musk is also a frequent target of account takeovers and hackers pushing bitcoin giveaway scams.

More to come.


Editorial standards