The Twitter accounts of major companies and individuals have been compromised in one of the most widespread and confounding hacks the platform has ever seen, all in service of promoting a bitcoin scam that appears to be earning its creator quite a bit of money.
We don't know how the hack happened or even to what extent Twitter's own systems may have been compromised -- but following the unprecedented hacks of accounts including President Barack Obama, Joe Biden, Elon Musk, Bill Gates, Kanye West, Michael Bloomberg, and Apple, Twitter has confirmed it took the drastic step of blocking new tweets from every verified user, compromised or no, and locking all compromised accounts.
Twitter says it won't restore access to their owners "until we are certain we can do so securely."
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.
-- Twitter Support (@TwitterSupport) July 16, 2020
On Wednesday evening, the company revealed that its own internal employee tools were compromised and used in the hack, which may explain why even accounts that claimed to have two-factor authentication were still attempting to fool followers with the Bitcoin scam.
The account takeovers appear to have subsided, but new scam tweets were posting to verified accounts on a regular basis starting shortly after 4PM ET and lasting more than two hours. Twitter acknowledged the situation after more than an hour of silence, writing on its support account at 5:45PM ET, "We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly."
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
-- Twitter Support (@TwitterSupport) July 15, 2020
The company took the unprecedented measure of preventing verified accounts from tweeting at all starting sometime around 6PM ET. This would appear to be the first time Twitter has ever done this in the company's history. Twitter updated its stance on limiting tweets at 7:18PM ET, writing, "We're continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience." At 8:41PM ET, Twitter said "most" verified accounts should be able to tweet, adding, "As we continue working on a fix, this functionality may come and go."
We're continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.
-- Twitter Support (@TwitterSupport) July 15, 2020
Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We're working to get things back to normal as quickly as possible.
-- Twitter Support (@TwitterSupport) July 16, 2020
Late in the evening, Twitter CEO Jack Dorsey wrote, "Tough day for us at Twitter. We all feel terrible this happened. We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened." Product lead Kayvon Beykpour also released a public statement on his personal account, writing, "Our investigation into the security incident is still ongoing but we'll be posting updates from @TwitterSupport with more detail soon. In the meantime I just wanted to say that I'm really sorry for the disruption and frustration this incident has caused our customers."
Tough day for us at Twitter. We all feel terrible this happened.
We're diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
to our teammates working hard to make this right.
-- jack (@jack) July 16, 2020
The chaos began when Tesla CEO Elon Musk's Twitter account was seemingly compromised by a hacker intent on using it to run a bitcoin scam. Microsoft co-founder Bill Gates' account was also seemingly accessed by the same scammer, who posted a similar message with an identical bitcoin wallet address. Both accounts continued to post new tweets promoting the scam almost as fast as they were deleted, and Musk's account in particular was still under the control of the hacker as late as 5:56PM ET.
A spokesperson for Gates tells Recode's Teddy Schleifer, "We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger issue that Twitter is facing. Twitter is aware and working to restore the account."
NEW -- statement from a spokesperson for Bill Gates.
"We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger issue that Twitter is facing. Twitter is aware and working to restore the account." pic.twitter.com/v37Jvs76Jl
-- Teddy Schleifer (@teddyschleifer) July 15, 2020
Shortly after the initial wave of tweets from Gates and Musk's accounts, the accounts of Apple, Uber, former President Barack Obama, Amazon CEO Jeff Bezos, Democratic presidential candidate Joe Biden, hip-hop mogul Kanye West, and former New York City mayor and billionaire Mike Bloomberg, among others, were also compromised and began promoting the scam.
It's unclear how widespread the operation is, but it appears to have affected numerous major companies and extremely high-profile individuals. That suggests someone, or a group, has either found a severe security loophole in Twitter's login or account recovery process or those of a third-party app -- or that the perpetrator has somehow gained access to a Twitter employee's admin privileges. According to Motherboard, numerous underground hacking circles have been sharing screenshots of an internal Twitter administration tool allegedly used to take over the high-profile verified accounts. Twitter is now removing images of the screenshot from its platform and in some cases suspending users who continue to share it.
So far, Twitter has confirmed that employee tools were used in the hack, but not which ones or more than a theory as to how hackers might have gotten access.
The origin of the scam can be traced to the moment when Musk's account issued a mysterious tweet at 4:17PM ET reading, "I'm feeling generous due to Covid-19. I'll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!" The tweet also contained a bitcoin address, presumably one associated with the hacker's crypto wallet.
The tweet was then deleted and replaced by another one more plainly laying out the fake promotion. "Feeling grateful doubling all payments sent to my BTC address! You send $1,000, I send back $2,000! Only doing this for the next 30 minutes," it read before also being deleted. The tweet posted to Gates' account echoed the Musk tweets, with an identical BTC address attached. It was also deleted shortly after posting, only for a similar message to take its place a few minutes later.
Square's Cash App appears to be one of the other company accounts compromised. However, it's not clear if the culprit is the same or if this is some form of a coordinated scam on behalf of a group, as the tweet contained a different BTC address than the ones posted to the other accounts.
In addition to the Cash App, popular crypto Twitter accounts, including those of Cameron and Tyler Winklevoss' Gemini cryptocurrency exchange and widely used wallet app Coinbase, were also compromised. Cameron Winklevoss claims the Gemini account was protected by two-factor authentication and used a strong password, and the company is now investigating how it was hit.
ALL MAJOR CRYPTO TWITTER ACCOUNTS HAVE BEEN COMPROMISED.
2FA / strong password was used for @Gemini account. We are investigating and hope to have more information shortly.
-- Cameron Winklevoss (@winklevoss) July 15, 2020
Some people apparently fell for the scam and sent money to the associated BTC address, as records of the transactions are public due to the nature of the blockchain-based cryptocurrency. So far, the scammers have collected roughly $120,000, although it seems as if the account owner is actively sending money back out as the daily final balance has fluctuated up and down throughout the afternoon.
It's an active wallet address and there are transactions happening. It's unclear if these transactions are legit. Scammers often seed their own scams to give them the appearance of authenticity. pic.twitter.com/xfhl3817xr
-- Ryan Mac (@RMac18) July 15, 2020
Musk has long been the target of bitcoin scammers on Twitter, many of whom create fake accounts designed to look like the executive and respond to his tweets promoting the scams so that they appear legitimate. Twitter even went so far as to start locking some accounts that changed their name to "Elon Musk," and the company singled out cryptocurrency scammers in spring 2018 as a source of known abuse and manipulation that it was aiming to root out through bans and other moderation strategies.
Update, 7:33PM ET: Added new details regarding the Twitter hack and the company's response.
Update, 8:53PM ET: Added that Twitter restored verified accounts' tweeting ability.
Update, 11:56PM ET: Added Twitter's first attempt to explain what happened, including the confirmation that Twitter's own internal tools were compromised.