Twitter Hack Affected About 130 Accounts
Earlier this week, Twitter experienced the largest cyberattack in its history. Numerous accounts belonging to public figures, companies, cryptocurrency exchanges, and more were compromised. Among those affected were Bill Gates, Elon Musk, Jeff Bezos, Joe Biden, Barack Obama, Warren Buffett, Kanye West, Kim Kardashian, Apple, Uber, and major crypto exchanges like CoinDesk, Binance, and Gemini, among many others.
The attackers used their access to these high-profile accounts in a peculiar way: they launched a fake Bitcoin giveaway. The hackers’ messages promised users huge profits if they first sent a small amount of Bitcoin to a specified address. This classic scam technique involved asking for a small amount of cryptocurrency with the promise to double and return any amount received.
How the Attack Happened
According to Twitter representatives, the root cause was a coordinated social engineering attack targeting company employees. As a result, the attackers gained access to unnamed internal systems and tools, which they used to take control of many popular accounts.
To minimize risks, Twitter engineers took what they called a “destructive” but preventive measure by locking a large cluster of accounts (even those not obviously affected), restricting their ability to post and use other features, including password resets.
Investigation Progress
New updates and details have appeared on Twitter’s support page. The company clarified that account lockdowns did not necessarily mean those accounts were compromised. For security reasons, all accounts that had a password reset or even an attempted reset in the last 30 days were locked. However, Twitter does not plan to reset user passwords, as the attackers did not gain access to them.
Currently, the restrictions are gradually being lifted (this may take some time, as specialists are carefully verifying that access is returned to the rightful account owners), but many users may still be unable to change their passwords or post messages. The function to download all data and messages is also temporarily unavailable.
Twitter specialists report that the attack affected a relatively small number of accounts. According to the latest data, only about 130 accounts were compromised.
The company is still investigating what other user information the hackers may have accessed (such as private messages, scheduled tweets, or saved tweets), but so far Twitter has not provided any specifics.
Who Was Behind the Hack?
So far, Twitter has not commented on who might be behind the attack, leading to a surge of rumors online. According to TechCrunch, citing sources in the hacker underground, the attack was carried out by a hacker known as Kirk. Journalists report that during the incident, Kirk not only ran the fake cryptocurrency giveaway, earning about $120,000, but also used a tool to reset the email addresses linked to accounts, making it harder for owners to regain control.
Previously, Kirk was reportedly involved in selling access to popular Twitter accounts, including trading simple and recognizable usernames, which can be worth hundreds or even thousands of dollars.
However, during the mass attack, the hacker was not targeting specific accounts but had access to an internal Twitter tool that allowed effective control over user accounts. Screenshots of this tool were provided to TechCrunch and Vice Motherboard by their sources. Twitter has been actively removing these screenshots from its platform and banning those who post them (edited versions can still be found online).
The screenshots show that Twitter employees can control user accounts, including changing the email addresses linked to them and fully blocking accounts. The “Search blacklist” and “Trend blacklist” buttons indicate that employees can determine which messages appear in search and trends on the platform.
In response to criticism and accusations of censorship, Twitter staff noted that the company has never hidden the fact that not everything users post can appear in trends.
Interestingly, Vice Motherboard reported that the “coordinated social engineering attack” was actually an inside job. According to journalists and their anonymous sources, hackers simply bribed a Twitter employee to gain access to the administrative panel.
If true, this would not be the first such incident at Twitter. In 2017, a Twitter employee temporarily deleted President Donald Trump’s account, and in 2019, the U.S. Department of Justice reported that two Twitter employees abused their access to spy for Saudi Arabia.
Consequences and Reactions
The FBI has already joined the investigation, and New York Attorney General Letitia James stated that the attack raises serious concerns about data security and how such platforms can be used to harm public debate. The prosecutor’s office has also launched its own investigation.
Senator Ron Wyden questioned why Twitter has not implemented end-to-end encryption for direct messages, even though the company was working on this feature back in 2018. Activist Eva Galperin from the Electronic Frontier Foundation added, “Twitter wouldn’t have to worry about whether an attacker could read, steal, or alter DMs if they had implemented e2e for DMs, as EFF has been asking them to do for years.”
Another U.S. senator, Josh Hawley, called on Twitter to cooperate with authorities, including the Department of Justice and the FBI, to ensure security. “I am concerned that this event may not have been just a series of isolated incidents, but rather a successful and coordinated attack on the security of Twitter itself,” Hawley said, having already asked Twitter CEO Jack Dorsey to provide authorities with more information about the incident.