Massive Twitter hack scandal: Everything you need to know

  • Twitter was rocked last night by a massive bitcoin scam involving hundreds of popular accounts, including Elon Musk and Barack Obama. Here's everything you need to know:

    If you were on Twitter last night, you will have seen everyone going nuts over a series of high-profile accounts being hacked simultaneously. It began with news that the official Twitter accounts belonging to Elon Musk and Bill Gates had both posted a bitcoin scam message, and it soon emerged that this was just the tip of the iceberg.

    Countless high-profile and verified accounts appeared to be breached, including Apple, Barack Obama, Joe Biden, Kanye West, and more. A number of claims surfaced that accounts which definitely used unique passwords and two-factor authentication had been breached, which meant that the attack wasn't against all the individuals hit: it was Twitter itself that had been breached.

    Each hijacked account posted the same bitcoin scam message, claiming that the account holder wanted to give back to their community and would send back double any bitcoin sent to them. The money-doubler scam will be very familiar to those who play massively multiplayer online games such as EVE Online, but unfortunately it looks like a lot of people did fall for it, with over £93,000 apparently sent to the scammer's bitcoin wallet.

    Twitter investigated the breach and announced that the hack was assisted by an employee with secure access. The attacker used social engineering techniques on a number of employees with access to internal systems and tools, then used that access to take control of accounts and post tweets on their behalf. While the investigation was ongoing, all accounts with blue verified checkmarks were temporarily blocked from posting.

    So what do you need to know?

    Q. Was my password breached?

    A. We don't actually know yet, but it's possible that no login details were breached and the attacker simply used Twitter's internal tools to tweet on behalf of users. Twitter is still investigating the scale of the computer access and will make an announcement if a database breach is found to have happened.

    UPDATE: Twitter has confirmed that the employee reset the passwords on 140 accounts using internal tools. No passwords were breached in this attack.

    Q. Can Twitter employees access my account?

    A. Yes, it looks like certain Twitter employees have internal tools that let them access your account even if you have two-factor authentication on. These tools are normally secure, but in this case an employee with legitimate access was used by an attacker. Twitter has now significantly limited access to those tools while they're investigating the incident, and has announced that more updates on this are coming.

    Q. How should I secure my Twitter account?

    A. If you're worried about the breach, it's safest to change your password now. Make sure that you don't use the same password on any other site or service and, if possible, randomly generate the password and save it using a password manager service. Enable two-factor authentication so that a suspicious login will be stopped even if an attacker gets your password.

    Source: Twitter

    About the author

    Brendan is a Sync NI writer with a special interest in the gaming sector, programming, emerging technology, and physics. To connect with Brendan, feel free to send him an email or follow him on Twitter.
