Twitter reveals how Bitcoin scammers hijacked celebrities' accounts
31 July 2020, 10:00 | Updated: 31 July 2020, 10:34
Twitter has revealed how accounts belonging to celebrities including Barack Obama, Jeff Bezos and Kim Kardashian were hijacked by Bitcoin scammers two weeks ago.
At the time the company confirmed that a "co-ordinated social engineering attack" had allowed criminals to post tweets from celebs' accounts offering to send $2,000 for every $1,000 sent to a Bitcoin address.
The company has now confirmed that 130 accounts were targeted by the criminals, with 45 being used to send tweets. The criminals also accessed the DM inboxes of 36 users and downloaded the Twitter data of seven.
Now the company has provided details about the social engineering attack - a way of describing a security breach based on convincing someone to provide access, rather than finding flaws in the software.
Twitter said it "targeted a small number of employees" who were called over the phone and tricked into providing their log-in credentials.
"A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools," the company said.
"Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes.
"This knowledge then enabled them to target additional employees who did have access to our account support tools," the company explained.
The Bitcoin scam posted from the 45 affected accounts appears to have earned the criminals about £95,000 after around 400 payments were sent to three addresses.
However, that would not have been the best way to monetise the criminals' access to the platform, suggesting the hackers were either very inexperienced or that the Bitcoin scam was a distraction from the account data which they truly wanted to steal.
"Since the attack, we've significantly limited access to our internal tools and systems to ensure ongoing account security while we complete our investigation," said Twitter.
"We're sorry for any delays this causes, but we believe it's a necessary precaution as we make durable changes to our processes and tooling as a result of this incident."
The company said it would provide a more detailed technical report on the incident at a later date, but was unable to do so immediately due to the "ongoing law enforcement investigation".
(c) Sky News 2020: Twitter reveals how Bitcoin scammers hijacked celebrities' accounts