The large-scale attack on high-profile Twitter accounts

Several high-profile verified Twitter handles, including the accounts of Elon Musk, Jeff Bezos, Barack Obama, Apple and Uber among others, were victims of a large-scale hack on 15 July 2020. A tweet was sent from these accounts one after the other, stating that they were giving back to the community, and any bitcoin transferred to an address mentioned in the tweet would be doubled and returned.

A sample tweet from Elon Musk

The attack took everyone by surprise, especially the security team at Twitter. The tweets were removed soon after the attack, and Twitter had to partially shut down their network. They disabled the tweeting functionality for verified accounts (accounts with the tick mark) for a while.

Cameron Winklevoss, the founder of the cryptocurrency company Gemini, tweeted that all the tweets were a scam, and nobody should participate in it. Gemini’s Twitter handle was compromised as well.

Although the message looked like a hoax to most people, a few fell for it. The bitcoin wallet that the tweets pointed to received around $115,000 (12.86 bitcoins). It is not clear, though, how much of this was driven by the tweets.

Proof of bitcoins the address received

The widespread nature of this attack makes it one of the largest ever to occur on a social media platform. Cybersecurity experts speculate that the attackers gained access to internal Twitter controls, which allowed them to access and tweet from these accounts. Twitter CEO Jack Dorsey tweeted that it was “a tough day at Twitter” and that they were diagnosing the issue and would share everything they could once they had a complete understanding of exactly what happened.

Later that day, Twitter revealed that they detected a social engineering attack. The attackers targeted some of their employees who had access to internal systems and tools and used that access to carry out the attack.

The biggest hit that Twitter took during the whole incident is probably to its reputation. Many celebrities and brands use Twitter as a medium of communication, and it was believed to be an authentic safe space. The attack proves that this may not be true. Moving forward, Twitter will have to take measures to verify the authenticity of the messages on its platform.

Although an attack on this scale has never been seen before, a few past incidents have compromised high-profile user accounts on Twitter.

In 2017, President Donald Trump’s Twitter account was taken down for 11 minutes by a departing Twitter employee. Twitter said that it had put safeguards in place to make sure this doesn’t happen again, but no other details were revealed.

In 2019, Twitter CEO Jack Dorsey’s account was hacked as well, by a group that calls itself the Chuckle Squad. Many offensive tweets were sent from Dorsey’s account. Twitter later revealed that the phone number linked with the account was compromised, which allowed the attackers to tweet from his account via text. They claimed that no internal breaches were detected.

Experts say that it’s a huge relief that the attackers used these accounts for monetary gain, and not to spread false information. In 2013, the Twitter account of the Associated Press was hacked, and a tweet was sent out stating that the White House was under attack, leading to mass hysteria among the public. Because quite a few accounts were hacked this time, it would have been quite catastrophic if the attackers had used the accounts to spread fake news.

More than anything else, this incident serves as a warning to all users of Twitter, or any other social media platform. It goes to show that 100% privacy is a myth, and that a hack can come from anywhere, through the smallest vulnerability. It is essential to be careful and stay vigilant online, for the internet is dark and full of terrors.



