A number of high-profile Twitter accounts have been hacked in an apparent Bitcoin scam. Barack Obama, Joe Biden, Jeff Bezos, Elon Musk, Apple and Uber all posted messages asking users to send money to an anonymous online bitcoin wallet.
Twitter confirmed the hack happened internally. Some story’s in the press claim that staff were bribed to offer the attackers access .
At the time of us writing this story the bitcoin account had been paid $116,783.46
An example of one of the tweets is shown below :-
In a series of tweets Twitter said :-
We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly.
You may be unable to Tweet or reset your password while we review and address this incident.
We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.
Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We’re working to get things back to normal as quickly as possible.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.
We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.
This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.
Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.