“We are giving back to our community. We support Bitcoin and we believe you should too! All Bitcoin sent to our address below will be sent back to you doubled! Only going for the next 30 minutes”, the tweet on Apple’s Twitter account read.
On 15th July 2020, around 04:00 pm in the US, many high-profile Twitter accounts of personalities including Barack Obama, Elon Musk, Bill Gates, and Jeff Bezos got hacked. The tweeted message said that any bitcoin sent to the link in the tweet would be sent back doubled.
The fake tweets offered $2,000 for every $1,000 sent to a Bitcoin address. The scammers later deleted the tweets and then posted new fake tweets making the same demand. In response to the incident, the Twitter support team immediately stalled the activities of the affected accounts.
Although Twitter tried to regain control by deleting these tweets, some account handles started posting the same messages again. The attack is considered to be one of the biggest social media cyber attacks of all time and one of the most brazen online attacks in history!
Who Got Affected in the Hack?
Twitter accounts of major US politicians, celebrities, and high-profile personalities got hacked. The verified users affected included former US president Barack Obama, Joe Biden, Apple, Uber, Elon Musk, Kanye West, Bill Gates, and Kim Kardashian, among others.
As the tweets went viral, many Twitter users mocked the incident as a ‘Money Heist’. However, some users found these tweets legitimate and gave away their bitcoins in the scam. Thousands of people were scammed after falling victim to compromised accounts that promised to double the amount their fans sent in the cryptocurrency Bitcoin.
Reportedly, in this well-coordinated scam, messages by cybercriminals reached at least 350 million users with the help of Twitter’s internal systems. Scammers behind this massive breach swindled $120,000 worth of bitcoin through at least 300 transactions.
The US Senate Commerce Committee has demanded a briefing on the incident from Twitter in the coming week. According to the social media giant, it was a “coordinated” attack that targeted Twitter’s employees with access to internal tools and systems. Twitter has currently blocked all users from tweeting Bitcoin wallet addresses.
Twitter’s Product Lead, Kayvon Beykpour, took to Twitter to address the incident, followed by a series of tweets by Twitter Support.
How did the Hack Take Place?
An employee from Twitter was reportedly the reason behind the coordinated Twitter hack, but the investigation is still going on. According to the source, one of the hackers stated that they used a rep that did all the work for the hackers in the attack. Another stated that they paid an insider.
It has been reported that an internal tool was used in this attack to reset the associated email addresses of hacked accounts to make it more difficult for account holders to regain control. Later, they pushed a cryptocurrency scam and launched the whole attack.
Could the Attack Be Prevented?
This latest incident has highlighted the urgent need for all social media platforms to cross-check their security measures. It is still not certain whether an insider was behind the attack or data breach, but the incident did highlight the weakest link in the cyber security chain: the user.
No matter how much endpoint security software is deployed, organizations must provide their employees with proper security awareness training. As work from home has become the new normal, various organizations and their employees are on the radar of cybercriminals.
Therefore, organizations should adopt cyber security measures in order to mitigate cyber risks and combat the prevailing cyber threats. Security awareness training tools like TSAT help employees by turning them from the weakest to the strongest link in the organization’s cyber security chain.
TSAT is a security attack simulator that simulates the top 5 cyber attacks to create awareness among employees with real-time experience. In view of the current situation, where cyber attacks are evolving at a rapid pace and cyber warfare is ongoing, Threatcop is offering organizations TSAT’s free phishing simulation.
Benefits of Threatcop for a Robust Work Culture
- Simulates the top 6 cyber attacks
- Reduces up to 90% of cyber security risks
- Assesses the cyber health of an organization
- Trains employees with a 2,000+ awareness content library