SAN FRANCISCO (CelebrityAccess) — The accounts of multiple high profile Twitter users including Bill Gates, Joe Biden, Barack Obama, and Kanye West, were targeted as part of a widespread attack on Wednesday night.
The attackers used the compromised accounts as part of a scheme to steal bitcoins by soliciting donations from followers on the social media service.
Vice’s Motherboard reported that the Twitter accounts were comprised through Twitter’s own internal tools after the attackers executing a coordinated social engineering attack at at least one current Twitter employee.
As the scope of the attack became clear, Twitter took the extraordinary step of disabling and limiting some of its verified accounts and said it had limited access to its internal tools while it conducted an investigation of the compromise.
“We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” Twitter Support said after the attack became evident.
While the immediate impact of the compromise appears to been limited, some experts pointed out that stealing bitcoins may not have been the end goal of such a brazen attack.
“Noisy attacks are a great way to distract security teams from other malicious activities,” data security expert Ryan Olson told Business Insider.
Alun Baker, CEO software security company Clario Tech noted that attackers rarely reveal compromises immediately in such situations, suggesting that the attackers may have been privy to the private conversations of some of the world’s most influential people for some time.
“Typically a hacker has been in business for three to six months before they’re discovered,” Baker told Business Insider. “It’s unusual for a hacker to show their hand right away … The next thing you have to ask yourself is, ‘How long were they in there?'”
Twitter CEO Jack Dorsey (we assume) acknowledged the compromise with a tweet on his own verified account:
Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
💙 to our teammates working hard to make this right.
— jack (@jack) July 16, 2020