Twitter internal systems hacked; compromises accounts of Bill Gates, Barack Obama, and dozens of others

Twitter has today witnessed one of the most brazen online attacks in its history. Accounts of around dozens of celebrities and companies were hacked, including the likes of Barack Obama, Bill Gates, Joseph R. Biden Jr., Elon Musk, Apple, Uber, etc.

The attacker used the hacked accounts for posting messages on Twitter about sending Bitcoin to them and they would send back double the money. The attack seems to have lasted for more than two hours.

Officials noted that the breach did not affect the account of President Trump, which is under a special kind of lock-and-key after past incidents. This hints that the problem was caused by a security flaw and not lax security measures.

How did it happen?

As per the report from TechCrunch, a hacker named “Kirk” generated over $100,000 within hours of gaining access to Twitter’s internal tool, which led to taking control of dozens of accounts. The report also claims that the hacker updated the associated email addresses of the accounts to make it difficult for the owner to regain access.

Twitter-Internal-Tool-Leak
A leaked image of Twitter’s alleged internal tool for managing user accounts

It is not yet known how “Kirk” got access to Twitter’s internal tools. There’s a hypothesizes that a Twitter employee’s corporate account was hijacked, giving the hacker access to the platform’s internal network.

Twitter’s Response

In its efforts to prevent further damage and fix the issue, Twitter took an unprecedented move — it prevented verified accounts from tweeting for a few hours. This is the first time Twitter has done something like this.

The company announced that it is resetting passwords of the accounts and is limiting some functionalities. Hours after the hack, Twitter had still not completed fixing but said that “most” verified accounts were able to tweet.

A spokesperson of Twitter later said that several employees with access to internal systems had their accounts compromised in a “coordinated social engineering attack.” The attacker then used Twitter’s internal systems to tweet from high-profile accounts.

Jack Dorsey, Twitter’s chief executive officer said that the company is diagnosing and will share everything it can when the company has a more complete understanding of exactly what happened.

Involvement of Law Enforcement Agency

The hack has also caught the attention of the FBI. The FBI’s San Francisco field office said in a statement: “We are aware of today’s security incident involving several Twitter accounts belonging to high profile individuals. The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud. We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident.”

Source 1, Source 2, Source 3