2020 Twitter account hijacking

On July 15, 2020, between 20:00 and 22:00 UTC, 130 high-profile Twitter accounts were reportedly compromised by outside parties to promote a bitcoin scam.[1][2] Twitter and other media sources confirmed that the perpetrators had gained access to Twitter's administrative tools so that they could alter the accounts themselves and post the tweets directly. They appeared to have used social engineering to gain access to the tools via Twitter employees.[3][4][5] Three individuals were arrested by authorities on July 31, 2020, and charged with wire fraud, money laundering, identity theft, and unauthorized computer access related to the scam.[6]

Date: July 15, 2020, 20:00–22:00 UTC
Cause: Coordinated social engineering attack
Target: High-profile verified Twitter accounts
Outcome: At least 130 accounts affected. The bitcoin addresses involved received about US$110,000 in bitcoin transactions.
Arrests: 3, as of July 31, 2020

The scam tweets asked individuals to send bitcoin currency to a specific cryptocurrency wallet, promising the Twitter user that money sent would be doubled and returned as a charitable gesture.[7] Within minutes of the initial tweets, more than 320 transactions had already taken place on one of the wallet addresses, and bitcoins to a value of more than US$110,000 had been deposited in one account before the scam messages were removed by Twitter.[1][8] In addition, full message history data from eight non-verified accounts was also acquired.[9]


Dmitri Alperovitch, the co-founder of cybersecurity company CrowdStrike, described the incident as "the worst hack of a major social media platform yet."[2][10] Security researchers expressed concerns that the social engineering used to execute the hack could affect the use of social media in important online discussions, including the lead-up to the 2020 United States presidential election.[11][12] On July 31, 2020, the U.S. Department of Justice announced charges against three individuals in connection with the incident.[13]

Reaction and aftermath

Affected users could only retweet content, leading NBC News to set up a temporary non-verified account so that they could continue to tweet, retweeting "significant updates" on their main account.[56] Some National Weather Service forecast offices were unable to tweet severe weather warnings, with the National Weather Service in Lincoln, Illinois initially unable to tweet a tornado warning.[57] Joe Biden's campaign stated to CNN that they were "in touch with Twitter on the matter", and that his account had been "locked down".[1] Google temporarily disabled its Twitter carousel in its search feature as a result of these security issues.[58]


During the incident, Twitter, Inc.'s stock price fell by 4% after the markets closed.[59] By the end of the next day, Twitter, Inc.'s stock price ended at $36.40, down 38 cents, or 0.87%.[60]


Security experts expressed concern that while the scam may have been relatively small in terms of financial impact, the ability for social media to be taken over through social engineering involving employees of these companies poses a major threat to the use of social media, particularly in the lead-up to the 2020 United States presidential election, and could potentially cause an international incident.[11] Alex Stamos of Stanford University's Center for International Security and Cooperation said, "Twitter has become the most important platform when it comes to discussion among political elites, and it has real vulnerabilities."[12]


Twitter chose to delay the rolling out of its new API in the aftermath of the security issues.[61] By September, Twitter stated they had put new protocols in place to prevent similar social engineering attacks, including heightening background checks for employees that would have access to the key user data, implementing day-to-day phishing-resistant security keys, and having all employees involved in customer support participate in training to be aware of future social engineering scams.[62]


Though not part of the Twitter incident, Steve Wozniak and seventeen others initiated a lawsuit against Google the following week, asserting that the company did not take sufficient steps to remove similar Bitcoin scam videos posted to YouTube that used his and the other plaintiffs' names, fraudulently claiming to back the scam. Wozniak's complaint identified that Twitter was able to act within the same day, while he and the other plaintiffs' requests to Google had never been acted upon.[63]


On September 29, 2020, Twitter hired Rinki Sethi as CISO and VP of the company after the breach.[64]


On November 20, 2020, Hulu aired the 5th episode of "The New York Times Presents" series entitled "The Teenager Who Hacked Twitter," which details the events of this incident.[65]
