Thursday 16 July 2020 8:45 am

Twitter bitcoin scam: Blue tick accounts blocked after massive data breach

Hackers managed to infiltrate Twitter’s most notable blue tick accounts last night and send scam tweets supporting bitcoin before the social network clamped down on the breach.

The accounts of Bill Gates, Elon Musk and Jeff Bezos were three of those hackers managed to compromise. Others included Apple’s official Twitter account, with the tweets typically promising to double people’s investment in the digital currency bitcoin.

That forced Twitter to take the extreme step of preventing any blue tick accounts from tweeting while security teams responded to the bitcoin-themed hack.

In a series of tweets, Twitter explained: “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.

“We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.”

Twitter immediately locked the affected accounts and deleted the offending bitcoin tweets, with Bill Gates’ reading: “Everyone is asking me to give back. You send $1,000, I send you back $2,000.”

Apple’s read: “We are giving back to our community. We support Bitcoin and we believe you should too! All Bitcoin sent to our address below will be sent back to you doubled!”

Twitter CEO Jack Dorsey said: “Tough day for us at Twitter. We all feel terrible this happened.”

Twitter’s extraordinary step of blocking blue tick account activity also saw the social media giant deny password reset requests and other account functionality as security teams scrambled to stop the attackers.

Michael Borohovski, director of software engineering at Synopsys, said reports of compromised accounts, including those with multi-factor authentication, suggested hackers had done more than simply steal passwords.

“Given that numerous high-profile Twitter accounts were compromised as part of this attack – accounts that would presumably be protected by multifactor authentication and strong passwords – it is highly likely that the attackers were able to hack into the back end or service layer of the Twitter application,” he said. 

“If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction, albeit a very profitable one.”

By 12.30am UK time, verified Twitter accounts were able to tweet again. But Twitter said it was continuing to try to address the bitcoin-themed breach.

The social media firm’s stock fell just 3.2 per cent in after-hours trading.