Late last night, an historic attack hit Twitter, which saw dozens of high-profile verified accounts being taken over. The compromised accounts included those of Bill Gates, Warren Buffett, Kanye West, Kim Kardashian, Joe Biden, Jeff Bezos, Elon Musk, Barack Obama, Uber, and Apple—among many, many others.
Most of the accounts that were taken over soon posted messages about bitcoin. There were a few variations to the messages, but in general, they were worded to make it look like the Twitter account holder was asking followers to send them bitcoin, and in return they would then send the follower double the amount of bitcoin they sent.
Yeah, obviously a scam. Yet, more than 12 hours after the attack was first reported, we still have little information about who was behind it or how it happened. However, thanks to a few tweets from Twitter’s official support channel, we can glean a few bits of information. The two most relevant tweets are as follows:
> We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
> — Support (@Support) July 16, 2020

> We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
> — Support (@Support) July 16, 2020

Now, let’s break these tweets down:
- “We detected what we believe to be a coordinated social engineering attack . . .” A social engineering attack is one in which the attackers use psychological tricks and manipulation to get a person to either give direct access to an account or to give access to sensitive information that ultimately helps the attacker access the account. What this means is the attackers didn’t “hack” Twitter in the traditional sense—by using code or malware to infiltrate its systems.
- “. . . by people who successfully targeted some of our employees with access to internal systems and tools.” Here Twitter is saying that some of its employees who had access to (apparently critical and wide-ranging) tools were the ones who were targeted in the attack. In other words, these employees were duped into giving the attackers access to the verified accounts either directly, or by surrendering relevant information that ultimately allowed the attackers access.
- “We’re looking into what other malicious activity they may have conducted or information they may have accessed.” This line from the second tweet above is the relevant part. It means Twitter is currently uncertain whether the attack left other parts of the service vulnerable. They know the attackers tweeted on the account holders’ behalf, but it’s possible the attackers compromised Twitter or the account holders in other ways, too.
In other words, there’s a ton we still don’t know. But that doesn’t mean Twitter doesn’t know more. It’s possible they are being coy with information at the behest of government agencies, which are likely to be involved in the investigation since the attack is so high-profile, and Twitter hosts thousands of political leaders and government agency accounts.
But no matter who is behind the attack, one thing is for sure: The attack is a major embarrassment for the company. As Twitter’s CEO Jack Dorsey summed up: “Tough day for us at Twitter.”
> Tough day for us at Twitter. We all feel terrible this happened.
> We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.
> 💙 to our teammates working hard to make this right.
> — jack (@jack) July 16, 2020