Twitter suffered the biggest security breach in its 14-year history when 130 high profile accounts in America all started tweeting about Bitcoins on the platform last month.
The message said that any bitcoins sent to a link included within the tweets would be doubled, an offer that the tweet stated would only last for 30 minutes. Apple and Uber handles were first to display the messages, followed by the likes of Elon Musk, Bill Gates, Barack Obama, Joe Biden, Mike Bloomberg, Jeff Bezos, Floyd Mayweather, Kanye West, and Kim Kardashian.
Twitter tried to regain control and verified handles (those that are blue ticked) across the world went mute for a short while and were unable to tweet. Even so, in less than five hours, the Bitcoin wallet that was promoted in the tweets received over £95,000 via at least 350 different transactions.
How did it happen?
Twitter has yet to release much information about the attack other than saying it was a coordinated social engineering attack, executed by people who successfully targeted a small number of Twitter employees. The employees had access to internal systems and tools that the hackers were able to utilise to access and take control of highly visible accounts and post tweets on their behalf.
The company has since blocked users from being able to tweet Bitcoin wallet addresses.
What are the implications?
Even though the attack only involved high profile accounts in America, and ordinary users were not affected by it (unless they fell for the actual scam) the implications of the hack are still huge. The FBI has already launched an investigation, suggesting the motivation for the attack appears to have been cryptocurrency fraud.
The attack might have only lasted for a few hours, was suspicious in nature (most followers would have questioned the legitimacy of the tweet from their users) and motivated by money, but it could have been much worse. It raises the question of whether Twitter is adequately prepared. A worst-case scenario could result in a hacker tweeting a very believable piece of information that could have a major impact on financial markets.
American senators have written to the social media giant, demanding an account of how much personal information was lost in the attack, raising more questions of whether the attackers might have stolen users’ private messages, known as direct messages or DMs.
Twitter has stated that they have no evidence that passwords were accessed, but they were still investigating. It all raises a host of other questions, chiefly around trust and accountability.
So, if we don’t trust Twitter, what can we do about it?
The answer is not much. Deleting your Twitter account is not going to help as cryptocurrency scams will likely continue for as long as such methods are possible. Exercising caution and remaining alert remains key. This hack in particular relied on psychology more than anything else, and it could have happened on any social media platform.
Image sourced from Pixabay