The Twitter logo is displayed on an Apple laptop computer. Picture: BLOOMBERG/GABBY JONES

San Francisco — Twitter is investigating a huge hack in which high-profile users from Elon Musk to Joe Biden had their accounts hijacked by scammers, who the social network believes targeted its employees to gain access to internal systems.

Posts trying to dupe people into sending hackers the cryptocurrency bitcoin were tweeted by the official accounts of Apple, Uber, Kanye West, Bill Gates, Barack Obama and many others on Wednesday.

“We detected what we believe to be a co-ordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said.

“They used this access to take control of many highly-visible ... accounts,” the company said, adding that it was investigating “what other malicious activity they may have conducted or information they may have accessed.”

The fraudulent posts, which were largely deleted, said people had 30 minutes to send $1,000 in bitcoin to receive twice as much in return.

A total of 12.58 bitcoin — worth almost $116,000 — were sent to the e-mail addresses mentioned in the fraudulent tweets, according to the site Blockchain.com, which monitors crypto transactions.

“Tough day for us at Twitter,” CEO Jack Dorsey said in a tweet.

“We all feel terrible this happened. We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”

Blue ticks

The Biden campaign said that Twitter locked down the hacked account quickly and removed the bogus tweet.

US President Donald Trump’s account, which has more than 83-million followers, was not among those hacked.

“Most accounts should be able to Tweet again,” the Twitter support team said in an evening update, having earlier briefly disabled posts from verified accounts with an official blue checkmark.

The network said it had locked down the affected accounts, which also included bitcoin speciality firms, and removed the tweets posted by the hackers.

Twitter added that the network was largely back to normal, but that it “may take further actions and will update you if we do”.

Media outlet Vice reported that a Twitter insider was responsible, citing leaked screenshots and two anonymous sources apparently behind the hack, one of whom told Vice they had paid the employee.

Rachel Tobac of cybersecurity firm SocialProof Security also theorised that hackers had got control of a Twitter employee's administrative access to post the messages.

Meanwhile reports said that BitTorrent CEO Justin Sun was offering a $1m reward for bringing the Twitter hackers to justice.

‘Giving back’

The tweet that appeared on Tesla founder Musk's Twitter feed said, “Happy Wednesday! I am giving back bitcoin to all of my followers. I am doubling all payments sent to the bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back!”

It added that the offer was “only going on for 30 minutes”.

The fake messages that appeared on other famous accounts made similar promises of instant riches.

One version of the scam invited people to click on a link at which they would be exploited.

“All major crypto Twitter accounts have been compromised,” Gemini cryptocurrency exchange co-founder Cameron Winklevoss said in a tweet.

“This is a SCAM, DO NOT participate!” he warned.

Twitter has been targeted by hackers in the past.

In March 2017, the accounts of Amnesty International, the French economics ministry and the BBC's North America service were broken into by hackers believed to have been loyal to Turkish President Recep Tayyip Erdogan.

Last August, a series of insulting or racist messages were posted on the personal account of Twitter founder Dorsey without his knowledge.

AFP
