Date: 2020-07-15
(Adds more expert comment.)
SAN FRANCISCO, July 15 (Reuters) - A series of high-profile
Twitter accounts were hijacked on Wednesday, with some
of the platform's top voices - including U.S. presidential
candidate Joe Biden, reality television show star Kim
Kardashian, former U.S. President Barack Obama, billionaire Elon
Musk, and rapper Kanye West, among many others - used to solicit
digital currency.
Nearly two hours after the first wave of hacks, the cause of
the breach had not yet been made public. In a sign of the
seriousness of the problem, Twitter took the extraordinary step
of preventing at least some verified accounts from publishing
messages altogether.
It was not clear whether all verified users were affected
but, if they were, it would have a huge impact on the platform
and its users. Verified users include celebrities, journalists,
and news agencies as well as governments, politicians, heads of
state, and emergency services.
Twitter did not offer clarification but said in a statement
that users "may be unable to tweet or reset your password while
we review and address this incident."
The unusual scope of the problem suggests hackers may have
gained access at the system level, rather than through
individual accounts. While account compromises are not rare,
experts were surprised at the sheer scale and coordination of
Wednesday's incident.
"This appears to be the worst hack of a major social media
platform yet," said Dmitri Alperovitch, who co-founded
cybersecurity company CrowdStrike.
SECURITY BREACH
Some experts said it seemed probable that hackers had access
to Twitter's internal infrastructure.
"It is highly likely that the attackers were able to hack
into the back end or service layer of the Twitter application,"
said Michael Borohovski, director of software engineering at
security company Synopsys.
"If the hackers do have access to the backend of Twitter, or
direct database access, there is nothing potentially stopping
them from pilfering data in addition to using this tweet-scam as
a distraction," he said.
Twitter told Reuters just before 5 p.m. EDT that it was
investigating what it later called a "security incident" and
would be issuing a statement shortly. However, as of 7 p.m. the
company had still not issued an explanation of what exactly took
place.
Shares in the social media company tumbled almost 5 percent
in trading after the market close before paring their losses.
Earlier, some of the platform's biggest users appeared to be
struggling to re-establish control of their Twitter accounts. In
the case of billionaire Tesla Chief Executive Elon
Musk, for example, one tweet soliciting cryptocurrency was
removed and, sometime later, another one appeared, and then a
third.
Among the others affected: Amazon founder Jeff
Bezos, investor Warren Buffett, Microsoft co-founder
Bill Gates, and the corporate accounts for Uber and
Apple. Several accounts of cryptocurrency-focused
organizations were also hijacked.
Altogether, the affected accounts had tens of millions of
users.
Biden's campaign was "in touch" with Twitter, according to a
person familiar with the matter. The person said the company had
locked down the Democrat's account "immediately following the
breach and removed the related tweet." Tesla and other affected
companies were not immediately available for comment.
Publicly available blockchain records show that the apparent
scammers have already received more than $100,000 worth of
cryptocurrency.
Several experts said the incident has raised questions about
Twitter's cybersecurity.
"It's clear the company is not doing enough to protect
itself," said Oren Falkowitz, former CEO of Area 1 Security.
Alperovitch, who now chairs the Silverado Policy
Accelerator, said that, in a way, the public had dodged a bullet
so far.
"We are lucky that given the power of sending out tweets
from the accounts of many famous people, the only thing that the
hackers have done is scammed about $110,000 in bitcoins from
about 300 people," he said.
