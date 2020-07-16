Late last night, an historic attack hit Twitter , which saw dozens of high-profile verified accounts being taken over. The compromised accounts included those of Bill Gates, Warren Buffett, Kanye West, Kim Kardashian, Joe Biden, Jeff Bezos, Elon Musk, Barack Obama, Uber, and Apple—among many, many others.

Most of the accounts that were taken over soon posted messages about bitcoin. There were a few variations to the messages, but in general, they were worded to make it look like the Twitter account holder was asking followers to send them bitcoin, and in return they would then send the follower double the amount of bitcoin they sent.

Yeah, obviously a scam. Yet, more than 12 hours after the attack was first reported, we still have little information about who was behind it or how it happened. However, thanks to a few tweets from Twitter’s official support channel we can glean a few bits of information. The two most relevant tweets are as follows:

We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. — Twitter Support (@TwitterSupport) July 16, 2020

We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it. — Twitter Support (@TwitterSupport) July 16, 2020

Now, let’s break these tweets down:

“We detected what we believe to be a coordinated social engineering attack . . .” A social engineering attack is one in which the attackers use psychological tricks and manipulation to get a person to either give direct access to an account or to give access to sensitive information that ultimately helps the attacker access the account. What this means is the attackers didn’t “hack” Twitter in the traditional sense—by using code or malware to infiltrate its systems.

In other words, there’s a ton we still don’t know. But that doesn’t mean Twitter doesn’t know more. It’s possible they are being coy with information at the behest of government agencies, which are likely to be involved in the investigation since the attack is so high-profile, and Twitter hosts thousands of political leaders and government agency accounts.