As you know, I
wrote last week about a high-profile security breach on Twitter which targeted verified accounts including those belonging to Bill Gates and Elon Musk. For those in the know, the affected accounts tweeted an odd Bitcoin scam giveaway.
The Twitterverse quickly realised this was a scam, but the publicly-listed Bitcoin addresses had already amassed around $300k of cryptocurrency. Twitter locked down the accounts, and provided an explanation:
|
"Shortly after we became aware of the ongoing situation, we took preemptive measures to restrict functionality for many accounts on Twitter - this included things like preventing them from Tweeting or changing passwords. [...] We also locked accounts where a password had been recently changed out of an abundance of caution."
|
Then they followed with another:
|
"We believe attackers targeted certain Twitter employees through a social engineering scheme. [...] The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets."
|
A total of 130 accounts were impacted, and a hacker called "Kirk" claimed responsibility for the attack after New York Times was able to verify their explanations by matching their Bitcoin accounts with the address listed on the tweets. There's a New York Times report about this.
Now to sum it up, this Kirk dude gained access to Twitter's admin tools by being added to Twitter's internal Slack channel where the details he needed are posted. He used this access to initially sell usernames to the gaming community, but that he stopped when the FBI got involved.
