Twitter accounts of celebrities including Barack Obama and Bill Gates were hacked and used to operate a scam, asking people to donate bitcoin.
Hackers used the tools that were normally only available to Twitter staff to attempt to hack into the accounts of 130 high profile people including the former U.S. president. It has been reported that hackers were able to change the passwords of 45 accounts, thereby allowing them to take over those accounts and make use of the Twitter Data download tool. This meant that the hackers could potentially have had access to the private messages, photos, videos, contacts and more for those whose accounts they hacked.
Following the hack, Twitter temporarily tried to stop verified accounts from tweeting, and approximately three hours after Twitter was made aware of the attack, the social media giant reported that most accounts had been restored to full functionality.
To date, however, the hackers appear to have used the hacked celebrity accounts to send out vague appeals asking for bitcoin (cryptocurrency) donations.
It has been reported that the bitcoin account advertised by the hackers received $100,000 worth of bitcoin through 500+ transactions and that some of this total was then transferred to other bitcoin wallets.
Social Engineering or Inside Help?
It was also said that the hack is thought to have been possible because the hackers used ‘social engineering’ to manipulate and dupe a small number of Twitter staff members and then used their credentials to get into the system.
Naturally enough, questions have been asked by some people about whether the hackers could possibly have had some inside help. For example, U.S. Republican Senator Josh Hawley recently asked the Twitter Chief Executive, Jack Dorsey, whether a Twitter employee may have been paid to help hack the high-profile accounts.
Twitter has since apologised for the hack and has expressed its embarrassment and disappointment about the incident.
What Does This Mean For Your Business?
In the U.S., this hack has set some serious alarm bells ringing because there is a presidential election in a matter of months, the President is himself Twitter’s most prominent user, and social media companies are under great pressure to ensure that their platforms can’t be used (for example, by actors for other states) to influence the outcome of the election, bearing in mind how Facebook was used the last time.
Also, this incident is an example to businesses of how hackers can use social engineering and target particular employees to obtain credentials that can enable them to get into a company system. This should, therefore, be a reminder to companies to alert their employees to the threat of social engineering attacks and put in place measures, procedures and policies to stop employees from being able to give out any sensitive information without proper checks and verification.