Twitter hack was an inside job, sources say
On Wednesday, multiple verified, high-profile Twitter accounts were compromised, including the accounts of Barack Obama, Elon Musk, and Apple. Hackers made tweets requesting charitable donations in the form of Bitcoin, promising to double any contribution made within the next 30 minutes. The tweets were, of course, fraudulent — and the Bitcoin wallet addresses set up to accept the cryptocurrency “donations” belonged to the scammers.
Twitter reacted quickly to the attack, removing the offending tweets, locking down affected accounts, and preventing users from tweeting or resetting their passwords as the company attempted to get a handle on the situation.
Several hours later, Twitter’s support group released a statement saying that they believed the incident to have been caused by “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools”.
Later in the day, Jason Koebler, the editor-in-chief of Motherboard, said that Motherboard journalists had spoken to people directly involved in the hack. According to Koebler, these inside sources say that they persuaded a Twitter employee to use an internal tool to change the email addresses of multiple high-profile accounts, allowing the hackers to gain control of them. One source said that the Twitter employee was paid for their help. In order to back up these claims, the sources showed journalists screenshots of the internal Twitter admin tool used in the attack.
If the Twitter hack was an “inside job”, then there was probably not much that the account owners could have done about it. Somewhat worryingly, the owners of several hijacked accounts say that they had been using two-factor authentication, which is the standard recommendation for preventing an account takeover due to stolen credentials. Two-factor authentication protects the login step, though, and the sources describe an attack that bypassed login entirely by having an employee change the accounts’ email addresses with an internal tool. If this turns out to be the case, then it may be time to rethink how we harden our accounts against attacks.
As we learn more, we will share additional details about the incident — including any updated advice for keeping your accounts secure.