Massive Twitter hack hits Barack Obama, Elon Musk and more as verified accounts frozen

1. Dwelling house
2. News
3. Security

Massive Twitter hack hits Barack Obama, Elon Musk and more as verified accounts frozen

(Prototype credit: DAVID MCNEW/AFP via Getty Images)

Are you lot rich and famous? Do greedy young men admire you lot?

Then yous might not have been able to tweet for about two and a half hours today (July 15), because Twitter temporarily disabled the ability of all verified accounts to post anything.

• Everything you demand to know about Bitcoin
• The best identity-theft-protection services
• Only in: Stimulus check 2: AOC urges McConnell to 'get to work'

The security measure was taken considering earlier today, Twitter accounts belonging to dozens of high-contour individuals and companies were hijacked to lure gullible followers into Bitcoin scams.

The hijacked accounts plainly included those of Pecker Gates, Jeff Bezos, Elon Musk, Kanye West, Joe Biden, Floyd Mayweather, Mike Bloomberg, Barack Obama, Warren Buffett, XXXTentacion, Israeli Prime Minister Benjamin Netanyahu, Wiz Khalifa, Apple and Uber.

Soon subsequently 6 p.m. Eastern time, Twitter temporary disabled the ability of verified accounts -- those with a blue check marking -- from sending out any new tweets. The verified accounts regained tweet-power nigh 8:35 p.one thousand. Eastern.

"You may be unable to Tweet or reset your password while nosotros review and address this incident," the Twitter Support account said.

Even our ain Philip Michaels, whose status as a Very Important Californian entitles him to a Twitter verification check mark, found himself unable to communicate with the exterior world en masse. He could nonetheless transport direct letters or retweet other people's tweets.

(Image credit: Twitter screenshot by Tom'due south Guide)

Twitter's drastic motility might take been because the hijacked accounts kept spreading a few hours afterwards they began, with West's wife Kim Kardashian Westward falling victim just after six p.m. Eastern.

(Image credit: Twitter screenshot past Tom'southward Guide)

Interestingly, the Bitcoin address posted on Kardashian'south tweet was different from the accost on well-nigh of the other tweets.

"We are giving back to our community," read the bulletin posted earlier on the Apple account. "We support Bitcoin and we believe you should too! All Bitcoin sent to our address beneath will exist sent dorsum to yous doubled!"

The tweet then posted a Bitcoin address, followed by the words, "Only going on for the adjacent 30 minutes."

(Image credit: Twitter screenshot past Tom's Guide)

Letters posted on other accounts varied, but all included the same Bitcoin address, which had received nearly 13 bitcoin as of this writing, or about $119,000 in U.Southward. dollars -- all of information technology today. (It had as well sent out more than 7 bitcoin.)

"I accept decided to give back to my customs," the Bezos tweet said before information technology, like the others, was taken downwards. "All Bitcoin send to my address beneath will exist doubled. I am but doing a maximum of $l,000,000."

(Image credit: Twitter screenshot by Tom'southward Guide)

This isn't the first time Elon Musk's name has been used in a Bitcoin scam. Final calendar month, a security firm found that scammers had been creating custom Bitcoin addresses that incorporated Musk'south name.

The cryptocurrency news site CoinDesk reported that the business relationship hijackings began with nigh a dozen cryptocurrency-related accounts all tweeting out the same affair: "We have partnered with CryptoForHealth and are giving dorsum 5000 BTC to the customs. Run across more here: cryptoforhealth.com".

There is no website at that accost. About an hour afterwards, the hijacking of high-profile individuals and companies began with the messages you've seen higher up.

It's not clear how the scammers got into so many high-contour Twitter accounts at once. It'south unlikely that each could have been individually compromised, although accounts of public figures are often shared among several staffers on the account holder'due south payroll.

Equally the Verge put it, these incidents advise "that someone has either institute a astringent security loophole in Twitter'south login process or has gained access to a Twitter employee's admin privileges."

The latter scenario got support from numerous Twitter users who claimed to have seen login credentials to a Twitter administrative interface billowy effectually hacker forums earlier today, although Tom's Guide couldn't verify any of those claims.

UPDATE:Information technology seems similar the hackers got access to "Twitter Panel", which is basically hacking one of the Twitter admins/employees. This gives direct admin admission to accounts and allows individuals to chance email & password.(Merely a theory)@jack @TwitterSupport @Twitter pic.twitter.com/xdJH9gt1KUJuly fifteen, 2020

See more

Nonetheless this widespread assail was pulled off, the perpetrators seemed to take completely undermined Twitter's own security. We'll have more on this situation when we know more.

(Prototype credit: Twitter screenshot past Tom'southward Guide)

Twitter itself put out a terse argument that information technology was "aware of a security incident impacting accounts on Twitter."

"We are investigating and taking steps to fix it," it added. "Nosotros volition update everyone shortly."

We are aware of a security incident impacting accounts on Twitter. Nosotros are investigating and taking steps to fix it. We will update anybody shortly.July fifteen, 2020

See more

Tyler Winklevoss, one-one-half of the Winklevoss twins whose accidental involvement in the founding of Facebook was made famous by the movie "The Social Network," tweeted out that the Twitter account of his and his brother's Gemini cryptocurrent exchange had been hacked, as had that of several other cryptocurrency services.

Alert: @Gemini's twitter business relationship, along with a number of other crypto twitter accounts, has been hacked. This has resulted in @Gemini, @Coinbase, @Binance, and @Coindesk, tweeting about a scam partnership with CryptoForHealth. DO NOT CLICK THE LINK! These tweets are SCAMS.July 15, 2020

Run into more

More worryingly, Winklevoss said "we take 2FA enabled for @Gemini. We are currently investigating root cause. Please stay tuned."

Two-factor authentication, or 2FA, is a meant to ensure that an aggressor tin't hijack an account even if the assaulter gets the password.

Nosotros would normally urge you to gear up up 2FA on your Twitter account to prevent your account getting hijacked, but that doesn't seem to make any divergence in this example. All y'all can do is take comfort in the fact that you're (probably) not famous.

Can't believe access to all those high profile accounts was burned for a BTC scam ¯\_(ツ)_/¯Could've been MUCH worse:- @JoeBiden before Election Twenty-four hours- @JeffBezos during Congressional Hearing- @elonmusk during $TSLA earnings phone call- @BillGates later on a COVID vaccine annunciation https://t.co/Xzg5DZxdVtJuly 15, 2020

See more

Paul Wagenseil is a senior editor at Tom'south Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, lawmaking monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown upwards in random Television receiver news spots and even moderated a panel discussion at the CEDIA home-engineering conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/vip-twitter-hacks

Posted by: hendricksrepasustem67.blogspot.com

Share this post