Twitter was attacked by hackers on Wednesday, and high-profile accounts urged followers to send $1,000 in Bitcoin to a specific address with the promise of doubling the investment. The compromised accounts included those of former President Barack Obama, former Vice President Joe Biden, Bill Gates, Jeff Bezos, and Elon Musk, as well as the Apple and Uber accounts.
The hackers had access to these accounts for about an hour before Twitter support locked all blue-check verified accounts out of tweeting and addressed the hack on its own platform. “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly,” read a tweet posted on the company’s official account. Unverified accounts were able to use the platform as normal.
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
— Twitter Support (@TwitterSupport) July 15, 2020
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
— Twitter Support (@TwitterSupport) July 16, 2020
Images surfaced after the hack, in an article by Joseph Cox on Motherboard, that seem to show a Twitter administrator control panel accessed by the hackers. The photo shows what appears to be the ability to remove, blacklist, suspend, and bounce accounts. The screenshot has not been validated as an actual admin panel as of this writing. Mike Coudrey, the CEO of YukoSocial, a social media firm for politicians and organizations, stated that Twitter was actively removing these images from its platform.
UPDATE: Twitter is now removing and deleting images of the admin control panel from its website. pic.twitter.com/ljrpvvmNQz
— Mike Coudrey (@MichaelCoudrey) July 16, 2020
This is not the first time a group of hackers has gained access to high-profile accounts. Back in January, 15 NFL teams were hacked on Twitter, with a hacking group that goes by the name “OurMine” on Twitter claiming responsibility. According to an article by Business Insider, “As of the time of this story’s writing, 15 verified accounts belonging to professional football teams have tweeted out strange messages and had their profile photos and banners disappear. The apparent hacks appear to have all happened within the span of a couple of hours on Monday.” The article went on to say, “A group called OurMine is taking responsibility on Twitter for the hacks, which the group says also included some of the Instagram and Facebook accounts of the affected NFL teams. In since-deleted tweets, many of these hacked Twitter accounts posted messages, reading: ‘We’re back (OurMine). We are here to show people that everything is hackable’.”
And in August of 2019, CEO Jack Dorsey’s own Twitter account was taken over by a group calling itself the Chuckle Squad. Twitter claimed that it was the phone number associated with the account that was compromised, through the mobile provider, not the Twitter account itself.
We're aware that @jack was compromised and investigating what happened.
— Twitter Comms (@TwitterComms) August 30, 2019
The phone number associated with the account was compromised due to a security oversight by the mobile provider. This allowed an unauthorized person to compose and send tweets via text message from the phone number. That issue is now resolved.
— Twitter Comms (@TwitterComms) August 31, 2019
Shortly after Twitter took back control of its platform, Senator Josh Hawley (R-MO) wrote a letter to Twitter CEO Jack Dorsey suggesting that Twitter work with the Department of Justice and the Federal Bureau of Investigation to secure the platform. He also requested a public accounting of how much personal information may have been gathered by the hackers. Hawley stated an overall concern for the security and privacy of the social media platform. The letter read in part, “I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself. As you know, millions of your users rely on your service not just to tweet publicly but also to communicate privately through your direct message service. A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”
— Josh Hawley (@HawleyMO) July 16, 2020
After about 3 hours, blue-check verified accounts were able to use the platform again. Unverified accounts saw no interruption of service. When all was said and done, Jack took to Twitter, declaring it a “tough day” and saying they all feel terrible this happened.
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020