Top US Twitter accounts hacked by scammers
‘Co-ordinated social engineering attack’ blamed on scammers seeking bitcoin payments from the official accounts of Apple, Uber, Kanye West, Bill Gates and Barack Obama, among others
San Francisco — Twitter is probing a huge attack on high-profile users from Elon Musk to Joe Biden that has raised questions about the platform's security as it serves as a megaphone for US politicians ahead of November's election.
Posts by scammers trying to dupe people into sending money to a specific bitcoin account were tweeted by the official accounts of Apple, Uber, Kanye West, Bill Gates, Barack Obama and many others on Wednesday.
“We detected what we believe to be a co-ordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said.
The fraudulent posts, which were largely deleted, said people had 30 minutes to send $1,000 in the cryptocurrency, promising they would receive twice as much in return.
A total of 12.58 bitcoins — worth almost $116,000 — were sent to e-mail addresses mentioned in the tweets, according to the site Blockchain.com, which monitors crypto transactions.
The account of President Donald Trump, which has 83.5-million followers, was not targeted.
With the presidential election just over three months away, the influence that social media platforms have on politics has become a hotly debated issue in the campaign.
Just hours before Wednesday's hack, the House of Representatives committee on oversight and reform called for the appointment of a national cybersecurity tsar.
In a sign of their growing role in public life in the US, social media have become essential geopolitical tools, especially in times of crisis.
“For US decisionmakers, Twitter presents a bit of a paradox,” say Heather Williams and Alexi Drew, who just published a book on Twitter's place in diplomacy for the Centre for Science and Security Studies at King's College in London.
“On the one hand, tweets from government officials may help shape the American public narrative and provide greater insights into US decision-making to reduce misperception by foreign actors,” they wrote.
“On the other hand, tweets may increase misperception and sow confusion during crises, creating escalation incentives for an adversary,” Williams and Drew wrote.
Twitter said it had locked down the affected accounts and removed the tweets posted by the hackers.
Neither Trump's personal account nor the official White House account was targeted.
“It's because the president's account had already been deleted by a Twitter contractor several years ago and it looks as if they have put a bunch of protections about that account,” the former head of security at Facebook, Alex Stamos, said on CNBC.
In November 2017 Trump's account was deactivated for 11 minutes by a Twitter employee on their last day on the job.
Vice reported that a Twitter insider was responsible for the new hack, citing leaked screenshots and two anonymous sources apparently behind the hack, one of whom told the media outlet they had paid the employee.
US senator Josh Hawley tweeted a letter to Dorsey expressing concern over privacy for the San Francisco-based company's millions of users worldwide.
“I am concerned that this event may represent not merely a co-ordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” he said.
The tweet that appeared on Tesla founder Musk's Twitter feed said: “Happy Wednesday! I am giving back bitcoin to all of my followers. I am doubling all payments sent to the bitcoin address below. You send 0.1 BTC, I send 0.2 BTC back!”
It added that the offer was “only going on for 30 minutes”.
Twitter has been targeted by scammers in the past.
In March 2017, the accounts of Amnesty International, the French economics ministry and the BBC's North America service were broken into by hackers believed to have been followers of Turkish President Recep Tayyip Erdogan.