A social engineering attack on Twitter resulted in the lockdown of several high-profile accounts.
How Things Went Down
Around 3:00 pm EST on Wednesday, July 15th, the Twitter accounts of several high-profile companies including @bitcoin, @ripple, @binance, @coindesk, and @coinbase tweeted messages urging followers to visit the website CryptoForHealth.
Within hours, the linked website was taken down, but shortly after, several verified Twitter users began sending a similar message promoting the same scam along with a Bitcoin (BTC) address. The promise was that any Bitcoin sent to the BTC wallet would be returned twofold.
Wednesday afternoon, Twitter locked down thousands of verified accounts belonging to high-profile Twitter users and companies to prevent the hackers from carrying out a large-scale cryptocurrency scam. Some of these accounts included Bill Gates, Elon Musk, Apple, Uber, Joe Biden, Kim Kardashian West, Wiz Khalifa, Warren Buffett, Wendy’s, Jeff Bezos, Barack Obama, and Mike Bloomberg.
A few hours later, Twitter Support acknowledged the problem by tweeting, “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.”
Later that night, Twitter Support released a series of tweets explaining that the compromised accounts were the result of a social engineering attack, which allowed hackers to access Twitter’s internal company tools with employee privileges.
In their explanation, they shared:
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
They went on to describe their swift response to the incident:
Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers. We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely. Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.
Finally, as their investigation continued, they expressed that they do not believe that the attackers accessed any passwords. Still, out of an abundance of caution, they took a proactive step by locking any Twitter account where a password reset was attempted within the past 30 days.
So far, the Bitcoin address shared by the hackers has received more than 12 Bitcoin, worth over $110,000. Satnam Narang, a staff research engineer at Tenable, shared with Threatpost, “This is 100 percent unprecedented. We have never seen such a large and simultaneous number of Twitter accounts hijacked at the same time.” He also shared that users would be more likely to fall for the scam because the Tweets originated from Twitter accounts that had been verified. Coinbase, a popular Bitcoin exchange, has blocked its users from sending money to the address in order to protect them.
Twitter’s shares fell 6% in pre-market trading in New York amid the incident.
How Do I Stay Safe?
Use Strong Passwords
A strong password contains at least 12 characters and includes letters, numbers, and special characters such as exclamation points, periods, dollar signs, or percent symbols. Avoid using your name, the names of your loved ones, your profession, or any other personal information in your password, as this makes it easy to crack. You can learn more about creating a memorable, secure password here: How to Create a Strong Password That You Will Remember
Use Multi-Factor Authentication When Available
Multi-factor authentication makes it harder for criminals to access your accounts, even if they have your login credentials. It requires you to provide an additional means of verifying your identity before you are granted access to your account, such as entering a security code sent to you by text or email.
Don’t Use the Same Passwords For Multiple Accounts
If one account is hacked and you have used the same (or a similar) password for any other accounts, those accounts should be assumed to be compromised as well. Always use a different password for each account you have, especially your financial accounts. Consider using a password manager if you aren’t sure that you can remember multiple passwords.
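To make the three rules above concrete, here is an added example (not code from the original post or from Guardio) that checks a password against the article's criteria and flags accounts that share the same or a similar password. The personal-info list, the account names and the sample passwords are constructed for illustration.

```python
import string

MIN_LENGTH = 12  # the minimum the article recommends


def password_issues(password: str, personal_info: list[str]) -> list[str]:
    """Return the ways `password` violates the article's advice (empty list = OK).

    personal_info: your name, loved ones' names, profession, etc. that must
    not appear in the password (checked case-insensitively).
    """
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        issues.append("no letters")
    if not any(c.isdigit() for c in password):
        issues.append("no digits")
    if not any(c in string.punctuation for c in password):
        issues.append("no special characters")
    lowered = password.lower()
    for item in personal_info:
        token = item.lower()
        if len(token) >= 3 and token in lowered:
            issues.append(f"contains personal information: {item!r}")
    return issues


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def reused_passwords(accounts: dict[str, str], max_distance: int = 2) -> list[tuple[str, str]]:
    """Pairs of accounts whose passwords are identical or 'similar', i.e. differ by
    at most `max_distance` single-character edits after case-folding."""
    names = sorted(accounts)
    pairs = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if _edit_distance(accounts[a].lower(), accounts[b].lower()) <= max_distance:
                pairs.append((a, b))
    return pairs
```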
Activate Information Leak Monitoring
Even if you are taking all the right steps to stay safe online, it may not be enough: in this incident, Twitter itself was the target of a social engineering attack. This means that the hackers gained access to tools and information that should have been available only to Twitter employees. Many of the targeted account holders said that they used both two-factor authentication and strong passwords. With the hackers operating inside Twitter under the guise of an employee, that simply wasn’t enough; their accounts and information were exposed for the hackers to access and manipulate.
Because of this, and because some companies choose not to disclose breaches for fear of negative publicity or loss of revenue, everyone should use an account monitoring service. Guardio offers account monitoring that alerts you immediately if your account information has been shared online or on the dark web for criminals to access, so that you can begin taking action to protect yourself right away.