Twitter employee sold an tool to a hacker that gave them access to sensitive data including private messages, s, email addresses and credit card information.
Several verified Twitter s were hacked on Wednesday. The attackers used the high-profile s to spread a cryptocurrency scam that has bankrupt thousands of people around the world.
The compromised high-profile verified Twitter s include Apple, Elon Musk and U.S presidential candidate, Joe Biden. How these verified s were compromised is yet undetermined, but it is believed an tool was used. These s, and many others, Tweeted a scam that included a link to an address of a bitcoin wallet with the claim that the amount of any payments sent to the linked address would be doubled and and returned.
Moments after the initial scam post surfaced, Kim Kardashian West, Jeff Bezos, Bill Gates, Barack Obama, Wiz Khalifa, Warren Buffett, YouTuber MrBeast, Wendy’s, Uber, CashApp and Mike Bloomberg also shared the same scam post.
While industry tech professionals aren’t entirely sure how such high-profile s were compromised, they believe the attackers leveraged an internal Twitter tool to gain access.
Twitter confirmed the reports on Wednesday evening with a tweet stating “a coordinated social engineering attack” on employees gave a hacker “access to internal systems and tools.”
Twitter have taken drastic measures in preventing the scam from spreading by disabling all verified s from Tweeting until the security breach is fixed.
You may be unable to Tweet or reset your while we review and address this incident.
— Twitter (@Twitter) July 15, 2020
Scott Stedman, investigative journalist and reporter at Forensic News, clarified that the information stolen during the attack includes private messages, s, email addresses, and even credit card information.
A source close to Twitter alleged that the attack originated from inside Twitter headquarters as one of their employees accepted a bribe and gave the hacker access to an internal tool that gave them access to the database containing highly sensitive information and log-in details.
Twitter employee sells tool to hacker and compromises high-profile verified s tweeting bitcoin scam.
“We used a rep that literally done all the work for us,” one of the sources told Motherboard. The second source added they paid the Twitter insider. Motherboard granted the sources anonymity to speak candidly about a security incident. A Twitter spokesperson told Motherboard that the company is still investigating whether the employee hijacked the s themselves or gave hackers access to the tool.
Twitter hacked after employee gives tool to bitcoin scammer.
The tool gives the hacker the ability to view personal information of any as well as Tweet, blacklist, and ban.
Twitter is working around the clock to restore the compromised s and secure their servers, but sadly the damage has been done for those who have been scammed. Many thousands of people have lost their entire life savings because a Twitter employee sold them out.
Further more, the leaked screenshots of the tool given to the hacker reveal just how much of your personal information can be viewed by a Twitter staff member.