In what is being described as the biggest Twitter hack of all time, and potentially one of the largest cyber incidents of all time, many high-profile Twitter accounts have been breached.
On the 15th of July 2020, late evening UK time, many Twitter accounts started posting messages about ‘giving back to the community’ alongside a bitcoin wallet address. Every tweet claimed that if a certain amount of money was sent to the wallet, an even larger amount would be given back.
Accounts with huge followings, ranging from the official Twitter accounts for Apple, Tesla, and Uber, to the personal accounts used by Joe Biden, Elon Musk, Barack Obama, and Kanye West, were all affected. Twitter have since announced that they themselves were the victim of a ‘coordinated social engineering attack’ which was successful. This gave attackers access to Twitter’s internal systems and tools, which allowed the attackers to take control of the affected accounts.
Following the incident, Twitter has launched a review of the access granted to their internal tools, in an attempt to stop an incident like this happening again. The FBI released a statement encouraging individuals to avoid sending money to unknown cryptocurrency wallets. It is believed that over $100,000 has already been sent to the address posted. It is still unknown who is behind this attack.
Experts were reportedly surprised at the scale of the incident, which suggested the criminal hackers may have gained access through Twitter’s system, rather than through individual accounts. Criminals have most likely conducted an inside job on this occasion, and it does not appear to have been a successful direct hack; we await further details. However, once again this incident highlights the variety of attack methods criminals will employ to extort money. It is another timely reminder that both corporate and individual security measures and protocols need to be in place, held to a high standard, and kept robust, as previously highlighted by Valkyrie.
- Twitter hack: Obama, Bezos and Kardashian targeted by Bitcoin-scam: http://news.sky.com/story/twitter-hack-obama-bezos-and-kardashian-targeted-by-bitcoin-scam-12029394
- https://www.dailymail.co.uk/sciencetech/article-8527407/Elon-Musk-s-Twitter-shares-tweet-prompts-users-send-money-return-double-amount.html
How can you protect your Twitter account:
The individual accounts in this attack were not at fault, but Twitter accounts are still targeted every day. By doing the following, you can better protect your Twitter account from hackers:
- Have a strong password. This should be at minimum 12 characters in length and should not be used for any other account. This advice should also be followed for the email account linked to your Twitter account.
- If possible, enable two-factor authentication (2FA) to prevent unwanted access to your account.
- Check which apps have permission to use your Twitter account. To do this, log onto Twitter and go to the settings page. Go to account, then Apps and sessions. Here you will see all the apps and devices that have access to your Twitter account, and you can revoke the access if needed.
- Never click on a suspicious link, and only ever enter your Twitter username and password into a trusted Twitter website or application.
Valkyrie