Social engineering attack compromises influential Twitter accounts
Attackers paid a Twitter employee to provide access to accounts including those of Bill Gates, Barack Obama and Elon Musk
A coordinated takeover has affected multiple prominent Twitter accounts, including those of individuals like Bill Gates, Barack Obama and Elon Musk, and organisations such as Apple and Uber. Rather than being a hack by malicious outsiders, the attack has been traced back to a compromised Twitter employee.
Tweets from the various accounts encouraged people to send Bitcoin to a specific address, with the promise of doubling it in return.
A source told Vice, "We used a rep that literally done [sic] all the work for us." Another source said they got the insider onboard by paying them.
In a series of tweets, Twitter itself said that the social engineering attack compromised multiple employees. Its first message states, "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."
Social engineering - targeting humans rather than software and systems - is a basic but widespread type of attack. The Twitter employees apparently had access to an internal tool that not only allowed them to reset users' passwords, but also to change the email address associated with an account. Screenshots of the tool have been circulating online since the hack.
Websites like Twitter have a wide audience and are full of influential figures - including celebrities, politicians and business leaders. Even discounting the ability to steal money, hackers who successfully compromise social media accounts can cause major disruption on an international level. It is important that all companies - but especially those in the technology space - ensure that employees, as well as systems, are protected.