Twitter hasissued an update on this week's Twitter hack, in which the accounts of famous and influential people, including Barack Obama, Elon Musk, Joe Biden, Bill Gates, Kanye West, and Michael Bloomberg were used to push a hacker’s Bitcoin scam that led to $120,000 worth of profits.
The good news is the platform has tightened security. The bad news is, hackers got away with a lot more than a few Bitcoin. Per aTwitter post-mortem, published today, the hackers downloaded private information and messages belonging to "up to 8" as yet undisclosed individuals.
If the slightly wonky wording didn’t give it away, the sudden urge by some of the world’s richest people to give away free Bitcoin should have.
On 15 July 2020, the Twitter accounts of high-profile individuals including Jeff Bezos, Elon Musk and Mike Bloomberg, plus corporations such as Apple and Uber, all tweeted messages with almost identical wording: “I am giving back to my community due to COVID-19. All Bitcoin sent to my address below will be sent back doubled.”
It had all the hallmarks of...
According to Twitter, the hackers did so by employing the "Your Twitter Data" service, which allows users to download their full Twitter archive, including Tweets and DMs—possibly even deleted ones.
For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true.
While refusing to name the accounts due—somewhat ironically—to privacy commitments, Twitter confirmed that none were verified with the blue tick issued to influential people on Twitter. This rules out a myriad of those affected, including Democratic presidential candidate Joe Biden.
Twitter also disclosed that 130 accounts were compromised in total. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.
While Twitter affirmed that hackers weren't able to see previous passwords, they did manage to peer into personal information, including email addresses, phone numbers, and geolocation.
How did the hackers take control of Twitter?
As for how the hackers pulled it off, Twitter confirmed that employees inadvertently provided access to the hackers, but didn’t elaborate.
"The attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems, including getting through our two-factor protections," Twitter said in its post-mortem.
Twitter saw a hack on an unprecedented scale on Wednesday when scammers targeted multiple high-profile accounts, sending a volley of tweets extorting Bitcoin from the 346 million followers of Barack Obama, Apple, Uber, Joe Biden, Elon Musk, and 20 others.
The tweets promised users that the account holders would double the donations they sent to the Bitcoin addresses provided—a classic scam. The hackers walked away with around $120,000, but, more importantly, they left some key lessons for social...
A story from the New York Times went into a little more detail. Far from a coordinated attack from a nation-state, or the work of a sophisticated hacking group, the attackers were allegedly a group of young people in their late teens and early 20s.
Speaking to the Times,the juvenile hackers explained how they managed to hijack Twitter's servers via information left on Twitter's internal Slack channel—presumably after being granted access by an unwitting employee.
Twitter’s internal investigators corroborated the hackers' story, reports the Times, noting that it was "consistent with what they had learned so far."
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
Stripe is making a renewed push into crypto and artificial intelligence, unveiling a slate of new features at its annual user event on Wednesday in San Francisco.
Two major updates include the rollout of Stablecoin Financial Accounts, which will allow businesses in 101 countries to hold balances in dollar-backed stablecoins, receive funds via crypto or traditional rails, and send stablecoins globally.
It also rolled out a new Payments Foundation Model, an AI system trained on tens of billions of...
DeFi Development Corp., a publicly traded real estate software firm turned crypto holding vehicle, said Wednesday it will execute a 7-for-1 stock split later this month, capping a frenetic pivot into the Solana blockchain ecosystem that has fueled a staggering rally in its share price.
The split, approved by the board and pending regulatory steps, will take effect May 20.
Shareholders of record as of May 19 will receive six additional shares for each share they hold, increasing outstanding shar...
Visa announced another crypto venture this week, revealing an investment in stablecoin infrastructure company BVNK.
London-based BVNK announced the “strategic investment” from Visa via the payment giant’s Visa Ventures arm. It did not reveal the size of the investment, but said it came following the firm’s $50 million Series B round in December.
BVNK says it’s building a “real time, 24-7, 365 payments network” for businesses using blockchains.
Only last week, Visa announced that it was partne...