The Twitter hackers behind the unprecedented coordinated July 15 attack on high-profile accounts of multiple celebrities, politicians, tech titans and Silicon Valley companies went after about 130 separate accounts, the company said late Thursday. The FBI and the New York Attorney General announced probes of the security incident.
The scammers hijacked accounts with tens of millions of followers, including those of Jeff Bezos, Elon Musk, Kanye West and Kim Kardashian West, Barack Obama, Joe Biden, Bill Gates, Mike Bloomberg, Wiz Khalifa, Apple, Uber and Square’s Cash App. They managed to briefly post bogus tweets urging the accounts’ followers to send Bitcoin cybercurrency — promising to send back double the cash.
“Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident,” the Twitter Support team tweeted. “For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.”
Twitter did not identify the 130 accounts. The company said it is working with “impacted account owners and will continue to do so over the next several days.” Twitter said that at this point, it didn’t know if private data was stolen; however, the company said it believed that the cybercriminals had not gained access to any account passwords.
The hackers managed to rake in $121,000 via the scam from more than 400 payments to three separate Bitcoin accounts, CNBC reported, citing data from blockchain analysis firm Elliptic.
Twitter said that, according to its preliminary internal investigation, the hackers used “social engineering” tactics to carry out the attack, meaning they were able to trick one or more Twitter employees into providing info on how to gain administrative access to the accounts. The hackers claimed they bribed a Twitter insider to do the dirty work on their behalf, Vice’s Motherboard reported, citing anonymous sources.
“We have also been taking aggressive steps to secure our systems while our investigations are ongoing. We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can,” Twitter said Thursday evening.
The Twitter account of Donald Trump — one of the platform’s most notorious users — was not compromised in the July 15 hacking blitz. Trump’s account received “extra protections” in the wake of “past incidents,” the New York Times reported, citing sources at the company and the White House. That could be a reference to the brief deactivation of Trump’s handle in November 2017 by a Twitter contract worker (who later claimed he had disabled the president’s account by mistake).
The FBI said Thursday it was investigating the attack. “At this time, the accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” the FBI said in a statement. “We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident.”
Also Thursday, New York Attorney General Letitia James announced that her office had opened an investigation into the Twitter hack.
“Countless Americans rely on Twitter to read and watch the news, to engage in public debate, and to hear directly from political leaders, activists, business executives, and other thought leaders,” AG James said in a statement. “Last night’s attack on Twitter raises serious concerns about data security and how platforms like Twitter could be used to harm public debate.”