Social media firm Twitter said 130 accounts were targeted by hackers in the Bitcoin scam two days ago, including those of Barack Obama, Elon Musk, and Bill Gates.
According to Twitter, it is still trying to determine whether private data was stolen from the 130 accounts attacked by the hackers to promote a Bitcoin scam. This could include direct messages.
The company said: "We're working with impacted account-owners and will continue to do so over the next several days. We are continuing to assess whether non-public data related to these accounts was compromised."
An investigation is currently being undertaken by the Federal Bureau of Investigation (FBI).
Attack on verified Twitter accounts
On Wednesday, Twitter said several prominent US accounts were compromised to promote a cryptocurrency scam due to an attack by hackers on some of its employees with access to the company’s internal tools.
Twitter’s support team said: “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
The hackers were able to bypass account security by somehow gaining access to Twitter's own internal administration tools.
In a series of tweets, the company said: “We know they [the hackers] used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.”
The affected accounts include those of former President Barack Obama, Kanye West, Kim Kardashian West, Warren Buffett, Jeff Bezos and Mike Bloomberg. The accounts posted similar tweets soliciting donations via Bitcoin to their verified profiles.
Gates’ tweet read: “Everyone is asking me to give back, and now is the time. I am doubling all payments sent to my BTC address for the next 30 minutes. You send $1,000, I send you back $2,000…Only going on for 30 minutes! Enjoy!”
A spokesperson for Gates stated: “We can confirm that this tweet was not sent by Bill Gates. This appears to be part of a larger issue that Twitter is facing. Twitter is aware and working to restore the account.”
Despite being one of the most prominent Twitter users, President Donald Trump was unaffected by the attack.
There has been speculation in the past that President Trump has implement additional security to his account since it was deactivated by an employee on their last day of work in 2017.
Tim Cotten, a Bitcoin researcher, explained that the first Bitcoin wallet featured in some of the tweets only became active on Wednesday and that in the hours immediately after the tweets were posted, it received more than $100,000 worth of Bitcoins through hundreds of transactions.
Initial findings from investigations
Earlier this week, researchers at cyber-crime intelligence firm Hudson Rock found an advertisement on a hacker forum claiming to be able to steal any Twitter account by changing the email address to which it is linked.
A screenshot of the panel usually reserved for high-level Twitter employees was posted, which appeared to enable full access to an account by adding an email to an account or "detaching" existing ones.
This means that at least 36 to 48 hours prior to the attack, the hackers already had access to the internal administration tools.
The researchers have determined at least one Twitter account linked to the attack and have already suspended it. The remaining concern is whether the hackers still possess the private Direct Messages of the accounts over which they took control.
Roi Carthy, chief executive officer (CEO) of Hudson Rock said: "Bitcoin scam is a misguided way to frame this incident."
"If anything, the 'scam' part supports the conclusion that the group behind the attack was, to Twitter's luck, unsophisticated. The incident can either be characterised as an account take-over campaign for sale on the Darkweb, or a data breach to get a hold of Direct Messages for malicious purposes," Carthy argued.