Jump to content

Twitter silences some verified accounts after wave of hacks


webfact

Recommended Posts

Twitter silences some verified accounts after wave of hacks

By Joseph Menn, Raphael Satter and Katie Paul

 

2020-07-15T235324Z_4_LYNXNPEG6E1SZ_RTROPTP_4_TWITTER-SECURITY.JPG

FILE PHOTO: The Twitter logo and binary cyber codes are seen in this illustration taken November 26, 2019. REUTERS/Dado Ruvic/Illustration

 

SAN FRANCISCO (Reuters) - A series of high-profile Twitter <TWTR.N> accounts were hijacked on Wednesday, with some of the platform's top voices - including U.S. presidential candidate Joe Biden, reality television show star Kim Kardashian, former U.S. President Barack Obama, billionaire Elon Musk, and rapper Kanye West, among many others - used to solicit digital currency.

 

Nearly two hours after the first wave of hacks, the cause of the breach had not yet been made public. In a sign of the seriousness of the problem, Twitter took the extraordinary step of preventing at least some verified accounts from publishing messages altogether.

 

It was not clear whether all verified users were affected but, if they were, it would have a huge impact on the platform and its users. Verified users include celebrities, journalists, and news agencies as well as governments, politicians, heads of state, and emergency services.

 

Twitter did not offer clarification but said in a statement that users "may be unable to tweet or reset your password while we review and address this incident."

 

The unusual scope of the problem suggests hackers may have gained access at the system level, rather than through individual accounts. While account compromises are not rare, experts were surprised at the sheer scale and coordination of Wednesday's incident.

 

"This appears to be the worst hack of a major social media platform yet," said Dmitri Alperovitch, who co-founded cybersecurity company CrowdStrike.

 

SECURITY BREACH

Some experts said it seemed probable that hackers had access to Twitter's internal infrastructure.

 

"It is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application," said Michael Borohovski, director of software engineering at security company Synopsys.

 

"If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction," he said.

 

Twitter told Reuters just before 5 p.m. EDT that it was investigating what it later called a "security incident" and would be issuing a statement shortly. However, as of 7 p.m. the company had still not issued an explanation of what exactly took place.

 

Shares in the social media company tumbled almost 5 percent in trading after the market close before paring their losses.

 

Earlier, some of the platform's biggest users appeared to be struggling to re-establish control of their Twitter accounts. In the case of billionaire Tesla <TSLA.O> Chief Executive Elon Musk, for example, one tweet soliciting cryptocurrency was removed and, sometime later, another one appeared, and then a third.

 

Among the others affected: Amazon <AMZN.O> founder Jeff Bezos, investor Warren Buffett, Microsoft <MSFT.O> co-founder Bill Gates, and the corporate accounts for Uber <UBER.N> and Apple <AAPL.O>. Several accounts of cryptocurrency-focused organizations were also hijacked.

Altogether, the affected accounts had tens of millions of users.

 

Biden's campaign was "in touch" with Twitter, according to a person familiar with the matter. The person said the company had locked down the Democrat's account "immediately following the breach and removed the related tweet." Tesla and other affected companies were not immediately available for comment.

 

Publicly available blockchain records show that the apparent scammers have already received more than $100,000 worth of cryptocurrency.

Several experts said the incident has raised questions about Twitter's cybersecurity.

 

"It's clear the company is not doing enough to protect itself," said Oren Falkowitz, former CEO of Area 1 Security.

 

Alperovitch, who now chairs the Silverado Policy Accelerator, said that, in a way, the public had dodged a bullet so far.

 

"We are lucky that given the power of sending out tweets from the accounts of many famous people, the only thing that the hackers have done is scammed about $110,000 in bitcoins from about 300 people," he said.

 

(Reporting by Joseph Menn, Raphael Satter, and Katie Paul; Additional reporting by Elizabeth Culliford in San Francisco; Christopher Bing, David Shepardson and Chris Sanders in Washington; and Trevor Hunnicutt in New York. Editing by Sandra Maler, Diane Craft and Aurora Ellis)

 

reuters_logo.jpg

-- © Copyright Reuters 2020-07-16
 
  • Haha 2
Link to comment
Share on other sites

4 hours ago, webfact said:

The unusual scope of the problem suggests hackers may have gained access at the system level, rather than through individual accounts. While account compromises are not rare, experts were surprised at the sheer scale and coordination of Wednesday's incident.

Looking at the names on that list it's unlikely that they all had weak passwords which could easily be guessed. 

That means Twitter has a HUGE problem.

And whoever did this "only" made some money.

Now imagine those accounts hacked on election day in the USA...

 

Maybe that should be a reminder that politicians should use press conferences, press statements, interviews, etc. to communicate with the public. Then a simple hack won't possibly make an election of hundreds of millions of people doubtful or invalid.

  • Like 2
Link to comment
Share on other sites

1 hour ago, pegman said:

If Trump's account wasn't hacked suspicion should first go to Putin's troll farms.

For a couple of dollars?

I am sure Putin would know better how to use that power and he wouldn't be so stupid to show the world that he has that power.

  • Like 2
Link to comment
Share on other sites

1 hour ago, Elkski said:

twitter gave me s permanent suspension 3-4 weeks ago.  I guess  Laura Ingram is a protected person not to cuss at. 

Well that's terrible because Laura Ingram is a (delete) besides being a (delete)!. I've resisted going on Twitter so they can't toss me off.

  • Haha 1
Link to comment
Share on other sites

39 minutes ago, Stargrazer9889 said:

I keep forgetting my twitter password,  now I am glad that my account is

pretty much a dormant one. I do not trust face book as well.

Geezer

Life is better without facebook or twitter in my opinion. I have both....one account is deactivated....the other is dormant. 

  • Thanks 1
Link to comment
Share on other sites

41 minutes ago, Tie Dye Samurai said:

Life is better without facebook or twitter in my opinion. I have both....one account is deactivated....the other is dormant. 

Facebook, where to start... probably with the fact I don't need to know that some bloke I worked with once on a project over ten years ago had successfully tied his shoes that morning and (wait for it) had cornflakes for breakfast. I wanted to headbutt my laptop. Gawd, the inanity...

 

That was the last straw for me, pulled the plug about nine years ago on FB and all other social media and haven't missed it since. The only social media I'm involved with now is LinkedIn and that's only because it's work-related stuff. 

 

I've heard the term FOMO (Fear of Missing Out) has been coined to describe why some folks need to check their social media feeds constantly. Well for me it could be termed JOMO, JOY of missing out!

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...