Twitter suffered an unprecedented hack last night which seems to have been tied to a bitcoin scam. Hackers gained access to an unknown but substantial number of verified Twitter accounts, including those of many famous and influential people and organizations such as Bill Gates, Barack Obama, Joe Biden, Apple, Michael Bloomberg, Elon Musk, and many more. These accounts were used to send tweets linking people to a bitcoin scam, offering people a chance to double their money if they sent bitcoin to the hackers.
Twitter responded to the hack by temporarily blocking posts from all verified users on the platform, regardless of whether they had been compromised, in an effort to curb the effects of the hack.
Most shockingly of all, it looks like Twitter’s internal employee tools and systems were used in the hack, as confirmed by a series of Twitter Support tweets today.
"We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools." (Twitter Support, July 16, 2020)
While there is no official word on what these tools were or how they were accessed, Motherboard reported that various underground hacking communities had been sharing screenshots of what appears to be an internal admin tool which is used to reset account email addresses and recover passwords.
While verified users having their accounts hacked is terrible enough on its own, the end goal of this gargantuan hack seems to have been to spread a bitcoin scam using high-profile and trustworthy individuals' Twitter accounts. Hacked accounts posted a link claiming that if users sent an amount of bitcoin, the account owner would send back double.
What to do if you were affected by the Twitter hack?
If your account itself was compromised, it may still be locked by Twitter, so you won't be able to log in at all. Contact Twitter Support if this is the case. Verified accounts that were not compromised have since had their posting privileges returned to them. Twitter doesn't store financial information so there shouldn't be any immediate risk there, but hackers may have access to your login details and any other personal information held on the account, including private messages.
If your Twitter account uses the same login details as any other accounts, we'd recommend you change those immediately. If you're able to change your Twitter login details, do that too, but do not use the same password as you do for anything else. We'd recommend you get a password manager if you struggle to remember multiple passwords - many of the best internet security software packages come with a password manager.
Avoiding online scams
While the scam might seem obvious to some, plenty of people appear to have been tricked by this bitcoin scam, and it’s easy to see why. Some of the most trusted and reputable people and companies in the world had posted offering people a chance to double their money.
The general rule you should follow online is that if something seems too good to be true, it almost certainly is. If you see links online that make offers along the lines of “send us money, and we’ll send more back” then do not click on them. It is always a scam. Report posts like this when you see them so that Twitter, or any other relevant social media platform, can remove them as soon as possible.
Beyond that, make sure you're doing everything you can to stay safe and anonymous online. We'd highly recommend signing up to one of the best VPN services, as these mask your location and prevent hackers from piecing together more about you based on your location data.