Social media giant Twitter is sharing updates coming out of the second day of investigations into this week’s hack of high-profile accounts by Bitcoin scammers.
Avid readers will recall that Twitter recently fell victim to a massive social engineering scheme that compromised several high-profile accounts, including those belonging to Elon Musk, Barack Obama, Joe Biden, Kanye West, Bill Gates, Jeff Bezos, Uber, Apple and others.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” Twitter said in a series of updates posted to Twitter Support yesterday, hours after the attack was discovered.
The attackers, which some believe may have ties to Russia, used this access to take control of multiple verified accounts and tweet on their behalf, demanding Bitcoin donations for Coronavirus relief with the promise to reimburse donors two-fold. According to reports, the scammers had amassed over $100,000 in cryptocurrency before Twitter severed the hackers’ ties to the compromised accounts.
“We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it,” the company said.
Earlier today, Twitter resumed the update stream revealing what came out of the second day of its investigations into the breach.
“Based on what we know right now, we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts,” the first update says.
“We’re working with impacted account owners and will continue to do so over the next several days. We are continuing to assess whether non-public data related to these accounts was compromised, and will provide updates if we determine that occurred,” reads another.
Twitter users will be unable to download a copy of their data while the investigation is still ongoing. The company has taken“aggressive steps” to secure its systems and is now assessing longer-term steps it may take. Twitter promises to share more details as soon as it can.
“Thank you for your continued patience and understanding while we investigate this incident. We’ll continue to provide updates when we have them,” the last update reads.
Cybersecurity journalist Brian Krebs postulates thatthe threat actors are a group of SIM swappers whorecentlyclaimed they could change the email address associated with any Twitter account.