Twitter Hack exposes the biggest cybersecurity weakness

Aug 19, 2020
Just last month, the Twitter accounts of some of the world’s most famous individuals and organisations started sending out tweets asking people to send Bitcoin to an account. In what looked like an act of extreme generosity, the accounts said they would then send back double what had been given. They were only going to do this for 30 minutes.

Any unsolicited request to transfer Bitcoin should always raise warning flags, but this was coming from the likes of philanthropists Mike Bloomberg and Bill Gates, who are well known for their generosity. Barack Obama, Kanye West, Uber, and Apple were also among the compromised accounts.

Twitter have not yet released full details of how the accounts were hacked, but the cause was not one of the sources we would normally assume. It was not weak passwords or lax security on the part of the people who saw their accounts hijacked.

Twitter explained, “We detected what we believe to be a coordinated social-engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” and they confirmed that 130 accounts had been exploited.

Twitter added, “The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections.”

It is still unclear if this means a phishing attack was used to trick a Twitter employee into giving out the account information or if it was an inside job with bribes being made to Twitter employees.

Either way, the attack worked by exploiting human weakness. It shows that companies need both security measures in place and regular IT security training for staff. This training helps staff members know what to look out for if they receive a potentially compromised email or phone call.

And finally, no matter what platform it comes from, whether Twitter, Facebook, LinkedIn, or email, if you see someone asking you to send Bitcoin, block them and report it. It is not worth the risk and is probably a scam.