Twitter bitcoin hack: What exactly happened and what Twitter did next
July 15 was not a great day for Twitter. Verified accounts belonging to people like Barack Obama, Elon Musk, Bill Gates, Kanye West and Donald Trump were ‘compromised’ in a bitcoin scam.
After dealing with the crisis over the last few days, Twitter has finally put out a statement as a blog post, titled ‘An update on our security incident’, addressing the security breach and providing an overview of how things currently stand (as of July 15, 8:35PM Pacific Time).
Twitter says that investigations are ongoing and that certain details will be provided later, as and when possible, so that the Twitter community can learn and benefit from them.
Here’s what happened
Twitter says that certain Twitter employees were targeted “through a social engineering scheme”. “In this context, social engineering is the intentional manipulation of people into performing certain actions and divulging confidential information,” Twitter explained.
The hackers managed to manipulate a few Twitter employees and used their credentials to access Twitter’s internal systems, including the two-factor authentication levels. The hackers accessed tools that are available only to Twitter’s internal support teams and targeted 130 Twitter accounts.
Out of these 130 accounts, hackers were able to initiate a password reset and log in to tweet for 45 of them. Hackers also allegedly tried to sell some of the usernames. For almost eight of these manipulated accounts, the hackers managed to download account information through the ‘Your Twitter Data’ tool. This tool gives account owners a summary of their Twitter account details and activity.
Twitter said that a forensic review is under way to understand exactly what actions the hackers might have taken in these 130 accounts. The platform added that it has reached out directly to the owners of the eight accounts from which data was downloaded, and that none of these accounts were verified.
What Twitter did about it
Once Twitter was aware that the platform had been hacked, it moved to lock down and regain control of the compromised accounts. It immediately revoked access to internal systems to prevent the attackers from getting further access into the system and other user accounts.
It also took the preemptive measure of restricting the functionality of many Twitter accounts, some of which were not even hacked. Restrictions included preventing these accounts from tweeting as well as from changing the password.
“We also locked accounts where a password had been recently changed out of an abundance of caution,” Twitter added.
All functions have currently been restored.
What the attackers accessed
Did the attackers manage to get their hands on personal information? Twitter says for a “vast majority of people, we believe the answer is, no”, but for the 130 accounts targeted, here’s how it stands:
Hackers were not able to view passwords, since they are not stored in plain text or accessible via the tools the hackers gained access to and used for the attacks. They were, however, able to view personal information like “email addresses and phone numbers, which are displayed to some users of our internal support tools”. For those accounts that hackers were able to take over, “they may have been able to view additional information. Our forensic investigation of these activities is still ongoing,” Twitter said.
Moving forward, Twitter is working on giving access back to all users who might have been locked out due to the remediation process. Investigations are ongoing and Twitter is securing its systems to prevent future attacks.
Additionally, the company is rolling out a company-wide training session to teach employees how to guard against social engineering tactics.
“We’re embarrassed, we’re disappointed, and more than anything, we’re sorry. We know that we must work to regain your trust, and we will support all efforts to bring the perpetrators to justice,” Twitter said.