A Twitter hack has been dubbed “the worst in its history” after fraudulent information reached millions of people and brought cyber criminals more than £80,000 in just a matter of hours.
Some of Twitter’s highest-profile accounts were targeted in the hack this month, among them Barack Obama, Elon Musk and Kanye West, as well as the official accounts for Apple and Uber. The hack saw tweets sent from their accounts offering to double any money sent to them in Bitcoin – with added urgency in the form of the “offer” only being available for 30 minutes. Sure enough, the tweets were fraudulent and were deleted by Twitter shortly afterwards – but not before some users parted with their cash.
The impact this hack had on Twitter was severe, with the company having to prevent all verified accounts from tweeting for some time, whilst it scrambled to contain the attack.
It’s now thought that around 130 accounts were targeted, with hackers managing to change the passwords of 45 – which were most likely offered for sale before Twitter wrested back control.
It appears the hackers managed to access one of Twitter’s internal dashboards, allowing them to add new email addresses to a profile so they could log in using these credentials. Though it’s not yet known how the hackers managed to access the dashboard, it’s thought they either got in through a phishing scam, or may even have managed to get Twitter employees to hand over access – by offering them a cash reward or extorting them through other means. Twitter appeared to confirm this but was no more specific, saying the hack came as a result of “co-ordinated social engineering” which successfully targeted some employees.
For those accounts which fell victim to the attack, there could be far-reaching consequences, with hackers likely to have had access to their private messages.
It also raises GDPR concerns, and Twitter could face a serious fine if data protection officers deem the social network to have not put sufficient measures in place to protect European users.
The hack has now been fully contained and the hackers have already moved the money on, but it’s yet to be seen how much long-term damage it will do to Twitter’s reputation.