Cyber Hacking News

Hacker used Twitter’s ‘admin’ tool to promote cryptocurrency scam


A hacker supposedly behind the high-profile Twitter account hacks to promote a cryptocurrency scam was reported to have attained access to a Twitter “admin” tool on the company’s network that let him do the hijack.

Twitter confirmed in its tweets that the attack was caused by a coordinated social engineering attack by people who successfully targeted their employees with access to internal systems and tools.

It was reported that a hacked by the name “Kirk” generated more than $100,000 within few hours by getting access to an internal Twitter tool, which they used to take control of popular Twitter accounts.

The hacker made use of the tool to reset the associated email addresses of affected accounts so that it becomes difficult for the owner to regain control. Later he pushed a cryptocurrency scam that claimed whatever funds a victim sent will be sent back doubled.

Kirk began by selling access to vanity Twitter accounts, such as usernames which are short, simple and recognizable. A stolen username or social media handle can go for between a few hundred dollars or thousands.

Kirk contacted a “trusted” member on OGUsers, a forum popular with traders of hacked social media handles, to help sell stolen vanity usernames.

A screenshot was shared showing the alleged internal admin tool. Twitter is removing tweets and suspending users that share screenshots of the tool.

Image Credit : TechCrunch

The tool allows users, apparently Twitter employees to control access to a user’s account, including changing the email associated with the account and even suspending the user altogether.

Even though it is not known how the hacker got access to Twitter’s internal tools, it is believed that a Twitter employee’s corporate account was hijacked. Using a hijacked employee account, Kirk could easily enter the company’s internal network.

In order to get control of the platform, Twitter briefly suspended some account actions — as well as prevented verified users from tweeting. The company later tweeted that they are trying to get things back to normal at the earliest.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    High-profile Twitter accounts hacked to promote crypto scam

    Previous article

    New BlackRock Android Malware targets 337 apps

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *