Tough day for us at Twitter. We all feel terrible this happened.
We’re diagnosing and will share everything we can when we have a more complete understanding of exactly what happened. 💙 to our teammates working hard to make this right. — jack (@jack) July 16, 2020
How Twitter hackers social-engineered their way into VIP accounts to shill for bitcoin
Twitter said late Wednesday that hackers used social engineering to access internal company tools and exploit a number of high-profile accounts earlier in the day. CEO Jack Dorsey also tweeted a public apology for the chaos this has caused.
A number of prominent Democrats, including U.S. Presidential hopeful Joe Biden and former President Barack Obama, were targeted. Also attacked were the Twitter accounts of Bill Gates, Elon Musk, Kanye West and New York City Mayor Mike Bloomberg, as well as the corporate accounts of Silicon Valley giants Apple and Uber.
In a statement, Twitter said that it had “detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools. We know they used this access to take control of many highly-visible (including verified) accounts and tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”
Twitter said that it first became aware of the incident in the late afternoon, Pacific Standard Time. It moved to remove the tweets and disable the affected accounts. As a precautionary measure, it also temporarily disabled the ability of verified Twitter accounts (those with a blue checkmark) to tweet.
“This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do,” Twitter wrote.
The company said it is now looking into any other “malicious activity” the attackers may have conducted. Online security experts speculated that if attackers were able to compromise Twitter accounts in this way, they might also have access to the direct messages those accounts had received.