Several high-profile Twitter accounts which includes that of Bill Gates, Elon Musk and Apple, were breached on Wednesday.
The verified accounts for Gates, Musk and Apple issued tweets promoting a cryptocurrency scam which asked their followers to send money to a blockchain address in return for a larger pay back.
The attacks were initially directed against cryptocurrency-focused accounts such as Bitcoin, Ripple, CoinDesk, Gemini, Coinbase and Binance and all of them were hacked with the same message which reads as “We have partnered with CryptoForHealth and are giving back 5000 BTC to the community.” It was then followed by a link to a phishing website.
The list of some of the breached accounts identified includes Bill Gates, Elon Musk, Jeff Bezos, Joe Biden, Barack Obama, Mike Bloomberg, Warren Buffet, Apple, Kanye West, Wiz Khalifa, Kim Kardashian, Floyd Mayweather, Uber, CoinDesk, Binance, Bitcoin and Gemini.
Twitter made an official statement that they are aware of the security incident that had affected some Twitter accounts. They stated that the investigation is going on and are taking necessary steps to fix it.
As part of the company’s remediation efforts all the verified accounts which has been used to promote scam were blocked from tweeting.
However, most of the hacked accounts have now been restored to the owner’s possession and the scam posts are removed. The bitcoin address mentioned in most of the tweets received more than $120,000 in bitcoins from hundreds of transactions.
Some of the tweets that promoted the scam also included a link to a website, which has now been taken down.
It is not clear who was behind the attack, or whether the attackers had access to direct messages sent to or from the affected accounts.
There have been several speculations regarding how the hack is being carried out and the most popular ones include breaching the account of a Twitter high-ranking employee and that the hackers have found a zero-day which they used to bypass the site’s authentication.
Five hours later, Twitter stated that their internal systems and tools were used for the attack that was enabled by social engineering.
Image Credits : Elevenews