The Twitter accounts of major companies and individuals were briefly taken over as part of a bitcoin scam. Former and current heads of states, global corporations, and presidential candidates had their twitter accounts compromised. The tweet from many of the twitter account said similar things, for example Kanye West's feed stated that he is "giving back to my fans"; the message from Jeff Bezos', Barack Obama, and Joe Biden's account said that they had "decided to give back to my community"; while Elon Musk's account said "feeling greatful" and provided a link to a Bitcoin wallet to send money too. The tweets would indicate that they would send double the money back to a limited number of contributors.
Twitter, through its Twitter Support account notified users that an internal investigation was conducted into the matter. The investigation revealed that several employees who had access to internal systems had their accounts compromised in a "coordinated social engineering attack." Twitter's internal system was then exploited to tweet from high-profile accounts. The attack was at least moderately successful considering the Bitcoin wallets promoted in the tweets received over 300 transactions and Bitcoin worth over $100,000.
These tweets began at about 4 P.M. (Eastern Standard Time) on Wednesday, July 15. The first wave of attacks hit the Twitter accounts of prominent cryptocurrency leaders and companies, but expanded quickly after that. Along with Vice President Biden, President Obama, Kanye West, Bill Gates, Michael Bloomberg, and Elon Musk, large company accounts were also targeted including Uber and Apple. Twitter's initial response was to take down the offending tweets, but those were quickly replaced by new ones - - an indication that the hackers maintained access to the individual accounts.
The persistence of the attacks led to Twitter disabling some the platform services including the ability of blue-checked (verified) twitter users to tweet. The services were restored around four and a half hours after the suspicious tweets began. However, that shutdown period was not insignificant. Several National Weather Service Twitter accounts were shut down as a line of severe weather and possible tornadoes moved across the Midwest. The National Weather Service felt severely hampered in its ability to communicate with people about the impending storm.
In a tweet, Twitter's CEO Jack Dorsey said that the company feels "terrible this happened" and that they are "diagnosing and will share everything we can when we have a more complete understanding of exactly what happened." The nature of this attack is yet to be determined. The legal implications will hinge on the findings of the investigation, including whether there were sensitive direct messages accessed by the attackers. Considering the compromised accounts includes current and former heads of state (Prime Minister Benjamin Netanyahu, President Obama, and Vice President Biden), there are also questions of national security involved.
The United States does not have a comprehensive federal data breach notification scheme. These obligations are provided by the fifty states and sector-specific laws. More than 40 of the state breach notification laws contain a harm threshold pursuant to which notification is not required unless harm to affected individuals has occurred or is reasonably likely to occur. The EU's GDPR also includes a similar assessment. As more information is disclosed, we will get a better understanding of Twitter and the attacked users' incident response processes.
Originally published 16 July 2020.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.