The social network Twitter released a statement regarding yesterday's attack on many popular accounts. The fraudsters behind the bitcoin scam used Twitter's internal tools to carry out the hack.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
— Twitter Support (@TwitterSupport) July 16, 2020
Twitter Support said that a "coordinated attack using social engineering" was carried out to gain access to the accounts. The attackers were able to hack into the computers of some company employees who have access to internal tools.
“We found a coordinated social engineering attack on our employees who had access to internal systems and tools. Attackers used this access to gain control over many popular, including verified, accounts, and published their own records,” Twitter Support writes.
After detecting the attack, Twitter immediately blocked the hacked accounts and deleted the malicious messages. In addition, the functionality of a large group of accounts, including verified ones, was limited. After the attack, steps were taken to restrict access to internal systems and tools.
“Users of blocked accounts will be able to access them only after we are confident in the security of the process,” the company said.
According to TechCrunch, a hacker using the pseudonym “Kirk” is behind the hack. Using an internal Twitter tool, he gained access to celebrity accounts, changed their email addresses, and published fraudulent posts. At first he simply sold access to popular accounts, and only later launched a full-scale attack.
Fans of anonymous cryptocurrencies did not fail to take advantage of the mass hack. One of them sent a series of transactions to the addresses with text that “warned” the hackers about the pseudonymity of BTC, in contrast to Monero.
Recall that on the evening of July 15, the Twitter accounts of a number of cryptocurrency exchanges and people popular in the industry were hacked. A little later, fraudulent messages appeared on the accounts of large companies and celebrities, including Elon Musk, Bill Gates, Apple and many others. At the time of publication, the attackers had received 12.8 BTC ($118,000).