by Brandon Butler
Massive Twitter Hack Compromises Verified Accounts 7/15/2020

Nick Statt at The Verge, on this developing story:

The Twitter accounts of major companies and individuals have been compromised in one of the most widespread and confounding hacks the platform has ever seen, all in service of promoting a bitcoin scam that appears to be earning its creator quite a bit of money.

A message offering to send back double the amount of Bitcoins sent to a specific Bitcoin wallet was displayed on numerous accounts, with many having the message removed by Twitter only to reappear a few minutes.

The company also took the unprecedented measure of preventing verified accounts from tweeting at all starting sometime around 6PM ET. This would seem to be the first time Twitter has ever done this in the company’s history. […]

It’s unclear how widespread the operation is, but it appears to have affected numerous major companies and extremely high-profile individuals. That suggests someone, or a group, has either found a severe security loophole in Twitter’s login or account recovery process or those of third-party app — or that the perpetrator has somehow gained access to a Twitter employee’s admin privileges. According to Motherboard, numerous underground hacking circles have been sharing screenshots of an internal Twitter administration tool allegedly used to take over the high-profile verified accounts. Twitter is now removing images of the screenshot from its platform and in some cases suspending users who continue to share it. The company has not shared any details as to how the hacks were carried out.

Update: According to an update from Motherboard, it was an inside job:

A Twitter insider was responsible for a wave of high profile account takeovers on Wednesday, according to leaked screenshots obtained by Motherboard and two sources who took over accounts.

This was interesting to watch play out in realtime, but must have been devastating to Twitter internally. I’m just amazed this kind of scam is still profittable, as I can’t imagine how you could fall for something like this. As the old saying goes, if it seems too good to be true, it is. And yet… Don’t send strangers on the Internet your Bitcoins, kids!