The attack began in the afternoon on July 15 when prominent cryptocurrency accounts posted similar messages calling on people to deposit bitcoin into an account with a promise that the senders would receive twice their money back. The breach then quickly expanded to major accounts in business and politics, including Elon Musk, Bill Gates, Barack Obama, and Kanye West.
Within an hour, Twitter blocked verified users from changing their passwords or posting messages in an attempt to stop the scam from spreading. The social media platform restored the functionality roughly two hours later as it continued to investigate the attacks.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” a Twitter spokesman said later.
The meager bounty may suggest a lack of sophistication on the part of the hackers or that the bitcoin scheme was a distraction from a larger theft. A Twitter spokesman said the company is “looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”
“So. You have this level of access, you write a ton of automation scripting for it, and you send a lame mass bitcoin campaign. Could have easily sold this access for millions,” David Kennedy, the creator of two large-scale cybersecurity firms, wrote on Twitter. “Something isn’t adding up here and smells like a much larger campaign masked as something else.”
“We need to see what actually happened and hopefully transparency from Twitter. Could have been a very low sophisticated attacker with a huge missed opportunity or it could be something more. Just seems unusual to me.”
Sen. Josh Hawley (R-Miss.) sent a letter to Twitter CEO Jack Dorsey as the attack unfolded, recommending the Dorsey contact the FBI and the Justice Department. The senator also requested more information on the breach, including how many users in total were compromised and if data had been stolen from the accounts.
“I am concerned that this event may represent not merely a coordinated set of separate hacking incidents but rather a successful attack on the security of Twitter itself,” Hawley wrote. “A successful attack on your system’s servers represents a threat to all of your users’ privacy and data security.”
While Twitter has had security incidents in the past, Wednesday’s attacks were by far the most brazen and far-reaching. In 2017, a rogue employee briefly deleted President Donald Trump’s account. Last year, a hacker gained access to Twitter CEO Jack Dorsey’s account and posted racist messages and bomb threats.
“Tough day for us at Twitter. We all feel terrible this happened,” Dorsey wrote in a message on July 15.