With the US Presidential election only months away, this is an especially concerning incident.
From about 1pm on Wednesday, a range of celebrity and brand accounts started tweeting out a message promoting a crypto giveaway, in which funds sent to a specified bitcoin wallet would return double the amount to the sender.
The messages, which were all similar, and all included the same bitcoin wallet address, were seemingly part of an elaborate hack, likely the largest ever seen on Twitter, which has sparked a new investigation into Twitter's security, and stoked new fears about the security of social media more generally.
Among a range of verified profiles, the hackers gained access to the accounts of:
- Kanye West
- Joe Biden
- Bill Gates
- Jeff Bezos
- Elon Musk
- Mike Bloomberg
- Floyd Mayweather
- Barack Obama
- HQ Trivia
- Warren Buffett
- Kim Kardashian
And users did indeed begin sending money through. As noted by The Verge, because the transactions are publicly recorded on the blockchain-based network, people were able to monitor the funds moving to the bitcoin wallet address listed in the tweets. More than $300k, in total, had been transferred before reports of the hack started coming through. Experts say that these transactions are not reversible.
Twitter has since investigated the incident, and has provided this update:
"Our investigation is still ongoing but here’s what we know so far:
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers. We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this. This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions, and will update you if we do.
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely. Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues."
The FBI has since reported that it will be leading a federal inquiry into the incident.
As noted, the incident is a major concern for Twitter's security, and while Twitter is still working out the specifics of how the hackers managed to gain access to these accounts, various concerns have been raised as to the breadth of issues that such capacity could cause - with some even suggesting that hacks of this type could spark increased global tensions.
That may seem overblown to some, but when you consider the way that US President Donald Trump has used tweets to communicate foreign policy, the threat here is very real.
"Twitter is, for better and worse, one of the world’s most important communications systems. [...] After today it is no longer unthinkable, if it ever truly was, that someone could take over the account of a world leader and attempt to start a nuclear war."
Indeed, back in 2018, there were legitimate concerns that Trump might do exactly that, after he tweeted this comment directed at North Korean dictator Kim Jong Un.
North Korean Leader Kim Jong Un just stated that the “Nuclear Button is on his desk at all times.” Will someone from his depleted and food starved regime please inform him that I too have a Nuclear Button, but it is a much bigger & more powerful one than his, and my Button works! — Donald J. Trump (@realDonaldTrump) January 3, 2018
If it's possible for others to gain access to these accounts, there's a very real concern that untold damage could result, which both underlines the importance of social media platforms in the modern communications landscape, and the responsibility they have to manage such access.
Which points to the key question Twitter will now have to answer - can it be trusted with such immense responsibility?
The incident could have major long-term implications. High-profile users might abandon the platform due to concerns over potential misrepresentation, and political leaders could rightfully be advised to shut down their accounts. If it's possible for these profiles to be accessed on such a broad scale, that obviously leaves a lingering question as to whether they're even worth the risk.
At present, the leading theory is that the breach came via an internal control panel, which is only accessible by Twitter employees.
In the hours after the incident, Twitter began deleting posted screenshots of an internal tool with the capacity to access a range of Twitter accounts, while various hacker groups noted that the tool could be used to access verified accounts.
One report suggested that a hacker had been able to gain access to the control panel by befriending a Twitter employee on Discord, then paying the employee for their access info. That would align with Twitter's statement that "employees with access to internal systems and tools" had been targeted - though again, that raises questions over how people, even internal staff, are able to access accounts, and tweet on other users' behalf.
As Twitter notes, after initially blocking all verified accounts, most are now back, but the incident has opened up a whole new chasm of concern for the Twitter team.
Both Twitter CEO Jack Dorsey and product lead Kayvon Beykpour have apologized for the incident.
Tough day for us at Twitter. We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened. 💙 to our teammates working hard to make this right. — jack (@jack) July 16, 2020
That won't be enough, and it seems likely that significant changes - even, potentially, major staffing shifts - will occur as a result.
UPDATE: On Thursday evening, Twitter posted this update on their investigation:
"Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts. We’re working with impacted account owners and will continue to do so over the next several days.
We're continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred. For all accounts, downloading Your Twitter Data is still disabled while we continue this investigation.
We've also been taking aggressive steps to secure our systems while our investigations are ongoing. We’re still in the process of assessing longer-term steps that we may take, and we'll share more details as soon as we can."