Twitter has issued an update on this week's Twitter hack, in which the accounts of famous and influential people, including Barack Obama, Elon Musk, Joe Biden, Bill Gates, Kanye West, and Michael Bloomberg, were used to push a hacker’s Bitcoin scam that led to $120,000 worth of profits.
The good news is the platform has tightened security. The bad news is, hackers got away with a lot more than a few Bitcoin. Per a Twitter post-mortem, published today, the hackers downloaded private information and messages belonging to "up to 8" as yet undisclosed individuals.
According to Twitter, the hackers did so by employing the "Your Twitter Data" service, which allows users to download their full Twitter archive, including Tweets and DMs—possibly even deleted ones.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true.
While refusing to name the accounts due—somewhat ironically—to privacy commitments, Twitter confirmed that none were verified with the blue tick issued to influential people on Twitter. This rules out a myriad of those affected, including Democratic presidential candidate Joe Biden.
Twitter also disclosed that 130 accounts were compromised in total. For 45 of those accounts, the attackers were able to initiate a password reset, log in to the account, and send Tweets.
While Twitter affirmed that hackers weren't able to see previous passwords, they did manage to peer into personal information, including email addresses, phone numbers, and geolocation.
How did the hackers take control of Twitter?
As for how the hackers pulled it off, Twitter confirmed that employees inadvertently provided access to the hackers, but didn’t elaborate.
"The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections," Twitter said in its post-mortem.
A story from the New York Times went into a little more detail. Far from a coordinated attack from a nation-state, or the work of a sophisticated hacking group, the attackers were allegedly a group of young people in their late teens and early 20s.
Speaking to the Times, the juvenile hackers explained how they managed to hijack Twitter's servers via information left on Twitter's internal Slack channel—presumably after being granted access by an unwitting employee.
Twitter’s internal investigators corroborated the hackers' story, reports the Times, noting that it was "consistent with what they had learned so far."