Social media
giant Twitter is sharing updates coming out of the second day of investigations
into this week’s hack of high-profile accounts by Bitcoin scammers.
Avid readers will recall that Twitter recently fell victim to a massive social engineering scheme that compromised several high-profile accounts, including those belonging to Elon Musk, Barack Obama, Joe Biden, Kanye West, Bill Gates, Jeff Bezos, Uber, Apple and others.
“We detected
what we believe to be a coordinated social engineering attack by people who
successfully targeted some of our employees with access to internal systems and
tools,” Twitter said in a series of updates posted to Twitter Support
yesterday, hours after the attack was discovered.
The
attackers, which some believe may have ties to Russia, used this access to take
control of multiple verified accounts and tweet on their behalf, demanding
Bitcoin donations for Coronavirus relief with the promise to reimburse donors
two-fold. According to reports, the scammers had amassed over $100,000 in
cryptocurrency before Twitter severed the hackers’ ties to the compromised
accounts.
“We’re
looking into what other malicious activity they may have conducted or
information they may have accessed and will share more here as we have it,” the
company said.
Earlier today, Twitter resumed the update stream revealing what came out of the second day of its investigations into the breach.
“Based on
what we know right now, we believe approximately 130 accounts were targeted by
the attackers in some way as part of the incident. For a small subset of these
accounts, the attackers were able to gain control of the accounts and then send
Tweets from those accounts,” the first update says.
“We’re
working with impacted account owners and will continue to do so over the next
several days. We are continuing to assess whether non-public data related to
these accounts was compromised, and will provide updates if we determine that
occurred,” reads another.
Twitter
users will be unable to download a copy of their data while the investigation
is still ongoing. The company has taken“aggressive steps” to secure its systems
and is now assessing longer-term steps it may take. Twitter promises to share
more details as soon as it can.
“Thank you
for your continued patience and understanding while we investigate this
incident. We’ll continue to provide updates when we have them,” the last update
reads.
Cybersecurity journalist Brian Krebs postulates thatthe threat actors are a group of SIM swappers whorecentlyclaimed they could change the email address associated with any Twitter account.