It was a bad day even by Twitter standards. In what is being dubbed as one of the “most brazen online attacks in memory”, the most powerful Twitter accounts in America were all tweeting about Bitcoins on Wednesday afternoon. It was a scam, of course, but one that got a social push from the biggest political and entertainment handles in the United States. Twitter tried to regain control and delete the messages, but some of the handles were posting similar messages even after that.
Among the affected names are former president Barack Obama, presidential hopefuls Joseph R. Biden Jr. and Kanye West, tech stars Bill Gates and Elon Musk, as well as institutional handles like @Apple. As Twitter tried to regain control, verified handles across the world went mute for a while and were unable to tweet.
What was the Twitter hack all about?
Around 4 pm Wednesday in the US, many high-profile accounts started tweeting a message saying any bitcoin sent to a link in the tweet will be sent back doubled, an offer the tweet said last just for 30 minutes.
Apple and Uber handles were among the first to be impacted, followed by those of Musk and Gates. In a couple of hours, it had taken over the handles of Obama, Biden, Mike Bloomberg and Amazon founder Jeff Bezos. Around the time handles of boxer Floyd Mayweather and celebrity Kim Kardashian had been affected, Twitter locked most large verified accounts across the US and rest of the world.
However, in the four-odd hours the tweets were live, the Bitcoin wallet promoted in the tweets received over $100,000 via at least 300 transactions.
What is Twitter saying about the incident?
Twitter’s product lead Kayvon Beykpour tweeted that their “investigation into the security incident is still ongoing”, and promised more updates from @TwitterSupport. “In the meantime, I just wanted to say that I’m really sorry for the disruption and frustration this incident has caused our customers,” he said.
In a series of tweets, @TwitterSupport acknowledged the “security incident” and informed users that they maybe be unable to tweet or reset passwords till the micro-blogging platform reviewed the incident.
About four hours after the first acknowledgment, the handle said: “Most accounts should be able to Tweet again. As we continue working on a fix, this functionality may come and go. We’re working to get things back to normal as quickly as possible.”
Twitter CEO Jack Dorsey called it a tough day for “us at Twitter”. “We all feel terrible this happened. We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened,” he tweeted.
How did the Twitter hack happen?
According to Twitter Support, the “coordinated social engineering attack” was executed by people who “successfully targeted some of our employees with access to internal systems and tools”. “We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” another tweet said. Twitter said that even as it has limited functionality of the affected accounts, it also restricted access to internal systems and tools.
Clearly, the vulnerability that has been exploited was within the Twitter systems and not on the user side.
📣 Express Explained is now on Telegram. Click here to join our channel (@ieexplained) and stay updated with the latest
What are implications of this security incident?
The implications are huge given the fact that the most powerful and popular accounts have been hacked. Given the influence Twitter has over political conversations globally, and in the US in particular, the verified handles of so many politicians being compromised at the same time does not augur well for the platform.
At least one Senator, Josh Hawley from Missouri, has written to Twitter CEO Jack Dorsey asking for an explanation once the problem has been fixed. Twitter will have some explaining to do to the American political establishment in the coming days.
The incident is also critical because it has happened in an election year. Last elections, the conversation in the US was also about social media being manipulated for political gain.
This new incident has also shown that social media giants could be more vulnerable than before.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines