December 23, 2024

Widespread Twitter Hack Compromises High-Profile Accounts Including Apple's

Posted July 16, 2020 at 12:07am by iClarified
A widespread Twitter hack has compromised numerous high-profile accounts including @apple, @elonmusk, @jeffbezos, @billgates, and others.

At 4:58pm EST, the @apple account tweeted:

-----
We are giving back to our community. We support Bitcoin and we believe you should too!

All Bitcoin sent to our address below will be sent back to you doubled!

XXXXXXXXXXXXXXXXXXXX

Only going on for the next 30 minutes.
------

Similar scam messages have been tweeted by accounts belonging to other verified companies and users. At 5:45pm, Twitter Support said, "We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly."

At 6:18pm, Twitter said, "You may be unable to Tweet or reset your password while we review and address this incident."

At 7:18pm, the company tweeted, "We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience."

At this point, it's unclear whether the individual accounts have been compromised or whether Twitter's internal services have been hacked. However, given the far-reaching nature of the attack, it's likely the hackers have compromised the service itself.

The Bitcoin address being tweeted appears to have received around $120,000 USD worth of bitcoin thus far.

Update 8:41pm:
"Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We're working to get things back to normal as quickly as possible."

Update 10:38pm:
"Our investigation is still ongoing but here’s what we know so far:

We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.

Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers. We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this. This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.

We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely. Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues."
