High-profile Twitter accounts including Barack Obama, Jeff Bezos, Elon Musk, Joe Biden, Uber and Apple have been hacked in an inside job that is believed to be one of the largest social media breaches ever.
Hackers are thought to have paid one or more Twitter staff for access to internal systems which allowed them to hijack the accounts and post tweets asking users to send them Bitcoin.
Around 300 people were duped by the tweets, sending $100,000 to the hackers before Twitter took the tweets down and then locked all verified accounts to stop the breach spreading further.
List of compromised Twitter accounts
- Barack Obama
- Joe Biden
- Rep. Alexandria Ocasio-Cortez
- Mike Bloomberg
- Elon Musk
- Jeff Bezos
- Bill Gates
- Warren Buffet
- Kanye West
- Kim Kardashian West
- Wiz Khalifa
- Floyd Mayweather
While the motivation behind the attack appears to be financial, many of the hacked accounts also belonged to prominent Democrats - including the likes of Alexandria Ocasio-Cortez and former presidential candidate Mike Bloomberg.
Donald Trump's account does not appear to have been targeted, while other high-profile Republicans also seemed to have escaped unscathed.
Shares in Twitter fell nearly 4 percent in after-hours trading.
'While account take-overs are commonplace, this would be appear to be a compromise on an unprecedented scale,' Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told DailyMail.com of the breach.
Late on Wednesday, Twitter revealed that some of its employees with access to internal systems had been targeted by a 'coordinated social engineering attack,' a term that typically refers to the use of psychological manipulation of individuals to gain access to restricted systems.
Two people who took credit for the breach claimed that they had paid a Twitter insider to carry out the attack for them, according to Motherboard.
'We used a rep that literally done all the work for us,' one of the individuals told the publication.
Following the breach, screenshots that appeared to be of a Twitter administrative panel circulated online.
The admin panel shows details of a user's account and allows the administrator to suspend, permanently suspended, grant 'protected' status.
The panel also shows functions named 'trends blacklist' and 'search blacklist' that suggest Twitter is able to limit how easily an account's tweets appear across the site.
Twitter has been deleting some screenshots of the panel from its service, and has suspended users who have tweeted them, claiming that the tweets violate its rules.
The company said that its investigation into the breach was ongoing.
It is not the first time a Twitter employee has been implicated in malicious actions.
In 2017, a Twitter worker went rogue and briefly deleted President Donald Trump's account before it was quickly reinstated.
According to the Justice Department, two other former Twitter employees previously abused their access to spy on users for the Saudi regime.
Other political figures impacted in Wednesday's attack included Rep. Alexandria Ocasio-Cortez and former Democratic presidential candidate Mike Bloomberg.
Of the politicians affected by the breach, all appeared to be Democrats.
President Donald Trump's account, a high-profile target, was not affected.
It is possible that Twitter has additional restrictions on the accounts of world leaders that make it impossible for most of its own employees to access them.
Trump has been embroiled in a feud with Twitter in recent months, after the social media site began slapping warning and fact-checking labels on some of the president's tweets.
Following Wednesday's breach, Biden's campaign was 'in touch' with Twitter, according to a person familiar with the matter. The person said the company had locked down the Democrat's account 'immediately following the breach and removed the related tweet.'
Trump's re-election campaign seized on the breach, with campaign spokesman Tim Murtaugh mocking the scam message as similar to Biden's policy proposals.
'I've seen creative ways to disguise a tax increase, but this takes the cake,' Murtaugh tweeted. 'Hacked account or not, this is a perfect metaphor for Biden's pitch to taxpayers: 'Give me your money!''
More than an hour after the first wave of hacks, Twitter prevented at least some verified accounts from publishing messages altogether.
According to UN Cybercrime Chief Neil Walsh, the ban extended to all verified accounts worldwide, an unprecedented step that shut down a critical platform for rapid communication.
Verified users include celebrities and journalists, but also governments, politicians and heads of state.
For several hours on Wednesday, Twitter users with verified accounts saw this message when they tried to post a tweet, as the site shut down all checkmarks as a precaution.
Twitter shares fell nearly 4% in after-hours trading as the company froze verified accounts
Although individual Twitter accounts have been briefly breached in the past using stolen passwords, the scale of Wednesday's attack was unprecedented.
'This appears to be the worst hack of a major social media platform yet,' said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike.
The fraudulent tweets all followed a similar formula, and directed potential victims to send bitcoin to the same anonymous wallet.
'I am giving back to my community due to COVID-19!' read the scam tweet posted to Obama's account.
'All Bitcoin sent to my address below will be sent back doubled. If you send $1,000, I will send back $2,000!' the fake message continued.
The message shared on Bezos' account stated he is 'only doing a maximum of $50,000,000.'
One scam tweet surfaced on Elon Musk's Twitter account around 4:30pm ET Wednesday
Amazon CEO Jeff Bezos was also among the victims targeted in the bitcoin scam
Most of the fraudulent tweets disappeared within minutes of first being posted, suggesting that Twitter administrators were playing whack-a-mole with the attacker.
Although many users knew the gesture was the working of a cybercriminal, others replied they sent money to the listed account.
Many Twitter users posted screenshots of bitcoin transfer receipts to the wallet listed in the scam, claiming they had been duped before realizing the scam.
Publicly available blockchain records show that the apparent scammers have already received more than $100,000 worth of cryptocurrency, with the amount still growing.
Several Twitter users claimed that they had fallen for the scam and sent bitcoin
Some experts said the incident has raised questions about Twitter's cybersecurity.
'It's clear the company is not doing enough to protect itself,' said Oren Falkowitz, former CEO of Area 1 Security.
Alperovitch, who now chairs the Silverado Policy Accelerator, said that, in a way, the public had dodged a bullet so far.
'We are lucky that given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about $110,000 in bitcoins from about 300 people,' he said.
© Associated Newspapers Ltd.