The Great Twitter Hack: What Went Wrong
On 15th July, social media giant Twitter suffered its most catastrophic breach in the company’s fourteen year history.
Targeting Twitter’s most influential celebrities, cyber-hackers conducted an attack promoting a cryptocurrency scam. The hacked accounts included the likes of Barack Obama, Bill Gates, Tesla CEO Elon Musk, Amazon founder Jeff Bezos as well as Uber and Apple’s corporate accounts.
The carefully-planned attack involved an account takeover known as SIM swapping – this is where fraudsters coerce, trick or bribe employees to gain access to the company’s administrative tools or top-level account credentials.
Their first step was to change the email address of each account, and then turn off two-factor authentication so that account change alerts would only be sent to the hacker’s email address.
Once the accounts were under their control, the cybercriminals began targeting an audience of at least 350 million with their fraudulent tweets. All of the hacked verified accounts instructed fans to transfer cryptocurrency to a specific bitcoin wallet in order to double their money.
Overall, around $110,000 was transferred in the few hours that the attack was active.
Why is it a concern?
In the grand scheme of things, the hack could have been a lot worse. But the fact that hackers were able to gain such a high-level of access raises serious questions about Twitter’s security practices.
The platform is used for official communications by governments all over the world during emergencies, and it’s concerning that a hack on the scale of this attack could have been more disruptive – or even dangerous.
It was an unprecedented attack on security, trust and privacy that has truly shaken the technology world.