The Twitter accounts of some of the most prominent U.S. political and business leaders, from Barack Obama and Joe Biden to Jeff Bezos and Warren Buffett, were hacked Wednesday afternoon in an apparent effort to promote a Bitcoin scam.
The attacks were stunning in scope and almost certainly coordinated. Others whose Twitter accounts were caught up in the security incident included Bill Gates, Elon Musk, Kanye West, Uber Technologies Inc., Apple Inc. and Michael Bloomberg, the founder and majority owner of Bloomberg News parent Bloomberg LP. The accounts sent out tweets promising to double the money of anyone sending funds via Bitcoin within 30 minutes.
As the hack unfolded, verified Twitter accounts suddenly lost the ability to post new tweets. “You may be unable to Tweet or reset your password while we review and address this incident,” Twitter wrote on its support account.
Within hours, Twitter said that access had been restored for most accounts and later added what it knew from its investigation so far. The company said the hack had targeted employees with access to internal systems and tools, which were then used to take control of high-profile accounts.
“We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” the company said on its support account.
Chief Executive Officer Jack Dorsey tweeted late Wednesday that the San Francisco-based company was “working hard to make this right.” The company’s shares declined more than 3% in extended trading.
“Tough day for us at Twitter,” Dorsey wrote. “We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.”
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said.
So far, the Bitcoin address tweeted by the hackers has been sent over 12 Bitcoins, worth more than $110,000. The popular Bitcoin exchange Coinbase has blocked its users from sending money to the address.
Some of the Twitter accounts that were targeted said they used two-factor authentication and strong passwords. The tweets indicate they were posted using Twitter’s web application, sparking theories online that the hack may have originated inside Twitter or in a service used to manage accounts.
Whatever the source, the breach prompted a swift response from lawmakers. “I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” U.S. Senator Josh Hawley, a Republican of Missouri, said in a statement, asking that Dorsey immediately reach out to the U.S. Department of Justice and the Federal Bureau of Investigation.
Exactly what happened remains unclear, although some Twitter accounts and hacking forums have been sharing screenshots purporting to show access to Twitter’s own dashboard, which was allegedly commandeered to control the accounts. Twitter has since removed some of those screenshots, and in one case temporarily suspended the user who posted them.
Accessing this internal portal would have required gaining a Twitter employee’s credentials or finding a dramatic security vulnerability in the platform’s login system. From there, a hacker may have been able to change the email address associated with the account, allowing them to change the password and gain complete control.
While Twitter continues to investigate, cybersecurity experts have begun speculating on other potential sources of the breach. While unlikely, it’s possible there was a bad actor inside Twitter, or working for a software vendor. One of the third-party platforms used to track and publish Twitter content may have been compromised, said Kevin O’Brien, co-founder of cybersecurity firm GreatHorn.
Twitter has previously endured high-profile hacks, including one of Dorsey’s account that was carried out through a SIM swap, meaning someone found a way to mimic the phone number of the account and tweet via text message. Following the string of incidents, Twitter closed the loophole by suspending the ability to tweet via text. The official Twitter accounts of more than a dozen NFL teams were hacked earlier this year, just ahead of the Super Bowl.