The hacking of celebrities' Twitter accounts has shed light on the microblogging platform’s weak security system.
The list of accounts commandeered simultaneously grew rapidly to include Joe Biden, Mike Bloomberg, Barack Obama, Uber, Microsoft co-founder Bill Gates, bitcoin specialty firms and many others.
The official Twitter accounts of Apple, Elon Musk and Jeff Bezos posted messages attempting to persuade people to send the cryptocurrency bitcoin in a massive scam.
In a series of tweets, the company said: "We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools."
The hackers then "used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf."
The company statements confirmed the fears of security experts that the service itself - rather than users - had been compromised.
Posing as celebrities and the wealthy, the hackers asked followers to send the digital currency bitcoin to a series of addresses. By evening, 400 bitcoin transfers worth a combined $120,000 had been made. Half of the victims had funds in US bitcoin exchanges, a quarter in Europe and a quarter in Asia, according to forensics company Elliptic.
While Twitter scrambled to fix what it termed a "security breach", the messages posted by the hackers on these accounts prompted netizens to ponder the irony of billionaires and politicians ‘giving back to the community.’
The Twitter account of Joe Biden, former Vice President of the US and currently running for office, said: “I’m giving back to the community. All Bitcoin sent to the address below will be sent back double! If you send $1,000, I will send back $2,000. Only doing this for 30 minutes.”
Barack Obama’s account repeated the same message. The fake messages that appeared on the accounts of other famous personalities made similar promises of instant riches.
The account of Elon Musk, CEO of Tesla Inc., said: “I’m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” In May, he had said that the stay-at-home orders to curb the spread of coronavirus were forcing people to be imprisoned in their homes against their constitutional rights.
The account of Floyd Mayweather, the professional boxer, said: “I’m giving back to my community due to Covid-19! All Bitcoin sent to my address below will be sent back doubled. If you send $1,000, I will send back $2,000. Only doing this for the next 30 minutes! Enjoy.”
American billionaire and Microsoft founder Bill Gates was not left behind. His account said—“Everyone is asking me to give back, and now is the time. I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send back $2,000. Only going on for 30 minutes! Enjoy.”
The account of Jeff Bezos, founder of Amazon and Blue Origin and the richest man in the world, said: “I have decided to give back to my community. All Bitcoin sent to my address below will be sent back doubled. I’m only doing a maximum of $50,000,000. Enjoy!”
Bezos, Gates and Musk are among the 10 richest people in the world, with tens of millions of followers on Twitter.
The three men are worth a combined $362 billion, according to the latest calculations by Forbes magazine.
Celebrities Kanye West and his wife, Kim Kardashian West, were also hacked.
Kanye West’s account said: “I am giving back to my fans. All Bitcoin sent to my address below will be sent back doubled. I’m only doing a maximum of $10,000,000. Only going on for 30 minutes.”
Kim Kardashian’s account said—“Feeling nice! All BTC sent to my [address] will be sent back doubles, enjoy.”
The hackers also targeted Apple, Uber and many other top American companies.
Apple’s official account said—“We are giving back to our community. We support Bitcoin and we believe you should too! All Bitcoin sent to our address below will be sent back to you doubled. Only going on for the next 30 minutes.”
The account of CashApp, a mobile payment application, said: “Happy Wednesday! We have decided to give back to our community, all Bitcoin sent to our address will be sent back doubled@ If you send us 0.5 BTC, we will send you back 1 BTC. This only last for 30 minutes, enjoy”
"Given the accounts that got hacked more recently (Apple, Uber, Gates, Musk, etc), I am now leaning towards this being an internal compromise of a Twitter system, not an API attack from a social aggregator service," bitcoin authority and author Andreas Antonopoulos said in a tweet from his @aantonop account.
Rachel Tobac of cyber-security firm SocialProof Security theorized that hackers got control of a Twitter employee's administrative access to "take over a prominent account and tweet on their behalf."
The account of US President Donald Trump, which has more than 83 million followers, was not among those hacked.
The bitcoin transfers left a history that could help investigators identify the perpetrators of the hack. The financial damage may be limited because multiple exchanges blocked other payments after their own Twitter accounts were targeted.
(With inputs from Agencies)